Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version
- To: 959723@bugs.debian.org
- Cc: Andrej Shadura <andrew@shadura.me>, Julien Cristau <jcristau@debian.org>
- Subject: Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version
- From: Moritz Mühlenhoff <jmm@inutil.org>
- Date: Fri, 10 Jul 2020 19:13:12 +0200
- Message-id: <[🔎] 20200710171312.GA187849@pisco.westfalen.local>
- Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 959723@bugs.debian.org
- In-reply-to: <20200506212242.GA1987173@pisco.westfalen.local>
- References: <158859905378.1600869.15811189350131380448.reportbug@nuevo> <20200504133525.GA329489@chou> <20200504163023.jvceiyp2vn33n3xg@nuevo> <20200504163326.GA22937@topinambour.cristau.org> <20200504210421.ydkrva7pno3gfcpz@nuevo> <20200506212242.GA1987173@pisco.westfalen.local> <158859905378.1600869.15811189350131380448.reportbug@nuevo>
On Wed, May 06, 2020 at 11:22:42PM +0200, Moritz Mühlenhoff wrote:
> On Mon, May 04, 2020 at 11:04:21PM +0200, Andrej Shadura wrote:
> > On Mon, May 04, 2020 at 06:33:26PM +0200, Julien Cristau wrote:
> > > > I think in this case it’s okay because of this NEWS entry:
> > > >
> > > > https://sources.debian.org/src/matrix-synapse/0.99.2-6/debian/NEWS/
> >
> > > I'm not sure how that makes it any better? NEWS is shown on upgrade at
> > > best, so anyone installing this on buster won't see it.
> >
> > True; I haven’t thought about people who never had synapse installed
> > before. In any case, I think anyone installing this on buster does
> > follow the news about Matrix and probably tried to figure out how to
> > upgrade.
>
> Notifying users about an EOL package is handled by debian-security-support,
> simply file a bug against it and the next time it lands in stable, people
> will be notified who have it installed.
>
> I'm all in favour of removing it by 10.4 or 10.5, depending on whether
> the timing still allows for 10.4.
Let's remove it for the upcoming 10.5 update, then?
Cheers,
Moritz
Reply to: