Hi Arnaud, On 13-06-2019 10:46, Arnaud Rebillout wrote: >>> Or should I just stick to 18.09.1, and only upload a new debian version >>> that only includes the CVE fix? >> You'll get an unblock much easier. > > > I'll go this way then :) > I won't audit the whole 142 commits, even less convince myself or anyone > about what it brings on the table, so I'll stick to fixing the CVE that > is opened at the moment. I don't like to rush you, but be aware that the time slot to fix this is closing. The package needs to be ready to migrate at 2019-06-25 13:00 UTC [1]. If the package isn't ready, we'll remove it from buster (fixing some headaches for the security team, but a shame nevertheless). Paul [1] https://lists.debian.org/debian-devel-announce/2019/06/msg00003.html
Attachment:
signature.asc
Description: OpenPGP digital signature