Your message dated Mon, 22 Mar 2021 21:10:31 +0100 with message-id <28075149-3914-6dbb-3057-9db11a011a2c@debian.org> and subject line Re: Bug#983876: unblock: otrs2/6.0.32-1 has caused the Debian Bug report #983876, regarding unblock: otrs2/6.0.32-1 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
983876: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983876
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: otrs2/6.0.32-1
- From: Patrick Matthäi <pmatthaei@debian.org>
- Date: Tue, 02 Mar 2021 16:58:29 +0100
- Message-id: <161470070900.20767.10104533608263216307.reportbug@srv1.linux-dev.org>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hello release team,

I try to cite from my mails to the security team, it's about #982927:

Yesterday I had a videocall with the owner and lead developer of OTOBO. They want to support me keeping the otrs2 source package in a good shape for Bullseye, so that users of the package don't have to worry now. Kicking the package out of Debian would not be optimal.

They also showed me https://github.com/znuny/Znuny (https://www.znuny.com/) - they also forked OTRS CE 6 and are fixing bugs and security bugs, also all known open bugs in CVE/Debian atm.

So the plan would be now:
* Switch the source of the otrs2 package to the znuny one, so that we have releases based on an open(source) maintained safe codebase => can I get the go from you for that?
* otrs packaging at all is obsolete for bullseye+1. I will package otobo, also with otobo support, and we will work on an easy way so that users later can migrate from otrs to otobo

We also spoke about the open security issues, there is indeed one in the CKEditor, but:
#980891: The way otrs uses this library, it should not be possible to attack the user, mostly only the attacker himself
#982586: That's wrong information from the OTRS AG, because it does not affect otrs 6 CE. It depends on that you use an external interface, which is available in OTRS 7 and 8 (not free) and maybe in the not-free otrs 6 package via addon, but not in the community edition, which is also packaged in Debian.

XXXXXX itself is not helpful at all anymore and just wrote me **************

I hope switching as fast as possible to the znuny fork for the otrs2 source package is also an option for you, I don't want to release bullseye without it

-----

I just uploaded the otrs2 6.0.32 package to experimental. Could I have your ACK for bullseye? :-)

-- System Information:
Debian Release: 10.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
- To: Patrick Matthäi <pmatthaei@debian.org>, 983876-done@bugs.debian.org
- Subject: Re: Bug#983876: unblock: otrs2/6.0.32-1
- From: Paul Gevers <elbrus@debian.org>
- Date: Mon, 22 Mar 2021 21:10:31 +0100
- Message-id: <28075149-3914-6dbb-3057-9db11a011a2c@debian.org>
- In-reply-to: <fabdcff4-fe53-e040-efa9-7d8c8e46a914@debian.org>
- References: <161470070900.20767.10104533608263216307.reportbug@srv1.linux-dev.org> <57e62486-0803-6ef0-a42c-0cebef04bf8a@debian.org> <f0c8d31a-4c0b-82f4-36f6-356f09ecd944@debian.org> <f4ebcf6a-09b7-7a31-058b-81d0299b6722@debian.org> <fabdcff4-fe53-e040-efa9-7d8c8e46a914@debian.org>
Hi Patrick,

Unblocked.

Paul
--- End Message ---