Re: [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery
On Wed, Mar 14, 2007 at 11:43:40AM +0100, Frank Küster wrote:
> Moritz Muehlenhoff <jmm@inutil.org> wrote:
> > For the upcoming stable distribution (etch) these problems have been
> > fixed in version 1.4.6-2.
> However, etch still has 1.4.6-1, and no freeze exception has been
> requested.
But it has been granted.
$ grep-excuses gnupg
gnupg (1.4.6-1 to 1.4.6-2)
Maintainer: James Troup
Too young, only 1 of 5 days old
Ignoring request to block package by freeze, due to unblock request by he
Not considered
$
We don't expect maintainers to request unblocks for RC bugfixes (in fact, I
prefer they don't, it's just extra mail to reply to).
> I'm not sure about the policy for security updates in etch, but it doesn't
> seem proper to announce the availability in a DSA if it's not yet true...
Hopefully, the fact that the security team made this statement means they
were aware 1.4.6-2 was a candidate for inclusion in etch.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply to: