Bug#1008164: RM: obfs4proxy/0.0.8-1

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, Jonathan Wiltshire <jmw@debian.org>, 1008164@bugs.debian.org
Cc: pkg-privacy-maintainers@lists.alioth.debian.org, team@security.debian.org
Subject: Bug#1008164: RM: obfs4proxy/0.0.8-1
From: Clément Hermann <nodens@debian.org>
Date: Wed, 14 Aug 2024 08:54:51 +0200
Message-id: <[🔎] 1534a1e8-73ee-4c55-9d6b-d0ba298d7484@debian.org>
Reply-to: Clément Hermann <nodens@debian.org>, 1008164@bugs.debian.org
In-reply-to: <[🔎] c8f33e0537348ede22208fa1d37c3d7ccf7c3405.camel@adam-barratt.org.uk>
References: <20220323121351.0C4867A06A0@netstat.org.uk> <20220323121351.0C4867A06A0@netstat.org.uk> <f51286f4-06ce-9b6c-c529-83220b5ab0b4@debian.org> <20220323121351.0C4867A06A0@netstat.org.uk> <6d511874ada456c2452012710f019f6baee6e873.camel@adam-barratt.org.uk> <ZMddOeW7zyBEUDdT@powdarrmonkey.net> <20220323121351.0C4867A06A0@netstat.org.uk> <ZM65sITF1C7pfCan@pisco.westfalen.local> <20220323121351.0C4867A06A0@netstat.org.uk> <Zowu0bAZmU49eNVj@powdarrmonkey.net> <[🔎] c8f33e0537348ede22208fa1d37c3d7ccf7c3405.camel@adam-barratt.org.uk> <20220323121351.0C4867A06A0@netstat.org.uk>

Hi,

Sorry, the emails went to a strange filter. Pinging on IRC was a goodmove. ;)



Le 12/08/2024 à 22:38, Adam D. Barratt a écrit :

Re-ping, given that we're less than three weeks from the final bullseye
point release.

Regards,

Adam


  On Mon, 2024-07-08 at 19:24 +0100, Jonathan Wiltshire wrote:

Hi,

Ping on this? Adding the maintenance list as well.

Thanks.

On Sat, Aug 05, 2023 at 11:05:52PM +0200, Moritz Mühlenhoff wrote:

Am Mon, Jul 31, 2023 at 08:05:29AM +0100 schrieb Jonathan
Wiltshire:

Hi,

On Mon, Jul 04, 2022 at 07:36:12PM +0100, Adam D. Barratt wrote:

Control: retitle -1 RM: obfs4proxy -- RoM; security issues
Control: tags -1 + moreinfo

On Sat, 2022-03-26 at 21:21 +0100, Paul Gevers wrote:

Control: tag -1 bullseye

Hi Ana,

On 23-03-2022 13:13, Ana Custura wrote:

Opening this bug after a recomendation from debian-
security.
Version 0.0.8 of obfs4proxy has a security bug, which has
only been
fixed in a later
version (0.0.13, see bug number #1004374), and also suffers
from
incompatibilty issues
with later versions of the package. Version 0.0.13 is
already in
bullseye-backports.


So this want's removal from bullseye, setting the right tag
to have
it on the radar of the SRM.


obfs4proxy has a reverse-dependency in bullseye:

Checking reverse dependencies...
# Broken Depends:
onionshare: onionshare

Dependency problem found.


This remains unresolved - obfs4proxy cannot be removed while
onionshare
depends on it. Security team - is removal your recommendation?
How can the
dependency be resolved?


Let's add the onionshare maintainer to CC.

In #1004375 onionshare demoted the dependency on obfs4proxy to a
Recommends,
can we apply the same to onionshare 2.2 from Bullseye?

In my opinion, it should work. I hope to be able to test later today andwill report then.

Anyway, I really hope no user (or Debian derivative) relying onobfs4proxy is still using bullseye.


Cheers
--
nodens

Reply to:

Follow-Ups:
- Bug#1008164: RM: obfs4proxy/0.0.8-1
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- Bug#1008164: RM: obfs4proxy/0.0.8-1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: fuse-udeb unused? (make fuse not key)
Next by Date: Re: Bullseye becoming LTS next Thursday
Previous by thread: Bug#1008164: RM: obfs4proxy/0.0.8-1
Next by thread: Bug#1008164: RM: obfs4proxy/0.0.8-1
Index(es):
- Date
- Thread