Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3

To: Georg Faerber <georg@riseup.net>, 910398@bugs.debian.org
Cc: Moritz Mühlenhoff <jmm@inutil.org>, "Adam D. Barratt" <adam@adam-barratt.org.uk>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, team@security.debian.org
Subject: Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 21 Oct 2018 13:48:23 +0200
Message-id: <[🔎] 20181021114823.GA6658@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 910398@bugs.debian.org
In-reply-to: <[🔎] 20181021112136.GG19229@debian>
References: <[🔎] 877eiw1045.fsf@fifthhorseman.net> <[🔎] 1540028611.3141.38.camel@adam-barratt.org.uk> <[🔎] 877eiw1045.fsf@fifthhorseman.net> <[🔎] 20181021100531.GA17745@pisco.westfalen.local> <[🔎] 877eiw1045.fsf@fifthhorseman.net> <[🔎] 20181021112136.GG19229@debian> <[🔎] 877eiw1045.fsf@fifthhorseman.net>

Hi,

On Sun, Oct 21, 2018 at 11:21:36AM +0000, Georg Faerber wrote:
> Hi,
> 
> On 18-10-21 12:05:31, Moritz Mühlenhoff wrote:
> > That's all bugfixes related to enabling Enigmail and nothing in their
> > is itself security-related, so I think that's something for the point
> > update, not security.debian.org
> 
> That's quite unfortunate to hear, and I don't share this opinion (even
> if this doesn't count in this case, I guess), for reasons outlined in
> the initial mail by dkg of this bug report in the "fixing enigmail"
> section.
> 
> As of now, enigmail, which people use to secure their communication, is
> broken, therefore, IMHO, fixing it would be indeed a security fix.
> 
> I spoke to quite some "end users" during the last weeks about this and
> heard the problems they've run into; personally, to not further delay
> this, I would very much appreciate if this could be handled via
> security.d.o.

Some packages can be 'fast-tracked' from proposed-updates before a
point release though still via the 'stable-updates' mechanism[1]. It
was announced back in [2], and might be an option here if the SRM can
be convinced it is needed (a.k.a if Adam gives it's okay here).

 [1] https://wiki.debian.org/StableUpdates
 [2] https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3
  - From: Georg Faerber <georg@riseup.net>

Prev by Date: Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3
Next by Date: Bug#911524: stretch-pu: package calendar-exchange-provider/5.0.0-alpha1
Previous by thread: Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3
Next by thread: Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3
Index(es):
- Date
- Thread