Bug#1123738: Bug#1125042: Errands in trixie-backports
John Scott
jscott at posteo.net
Sun Jan 11 17:48:25 GMT 2026
Hello,
On bug #1125042, Jeremy Bícha wrote:
> Leandro Cunha <leandrocunha016 at gmail.com> wrote:
> > there's an interesting fix like #1123738.
>
> That particular fix appears to be small and could be pushed as a regular trixie update without backports.
> https://github.com/mrvladus/Errands/commit/04e567b4320
It seems like everyone has accidentally missed the mails I've been sending to that original report like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738#17 (attached for your convenience). I'm invested in this issue as the original submitter and having articulated the security risks upstream. Except for translation updates that TLS-related fix is the only substantial change in the newer upstream releases (because most upstream activity has shifted to the C rewrite), so I think going from 46.2.8 to 46.2.10 is appropriate for trixie-updates.
> [Jeremy] I don't have experience with Debian backports so I don't think I have the capacity to help you there. I can sponsor stable updates though.
I'm not a Debian Developer and don't have uploading rights for Errands, so if you would sponsor the final package upload, I'd love to take charge of all else:
• send a merge request in Salsa which I'm almost finished with to have 46.2.10 for Trixie
• ask the Release Team for approval for trixie-updates, with an assessment of the risks
◦ As a formality, I still need to hear back from the Security Team that this doesn't need to go into their queue instead https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738#22
I do agree that this would be inappropriate as a backport.
Thank you
-------------- next part --------------
An embedded message was scrubbed...
From: John Scott <jscott at posteo.net>
Subject: Re: Bug#1123738 Errands skipping TLS checks: can this be addressed in Trixie?
Date: Thu, 01 Jan 2026 18:22:35 -0500
Size: 2203
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20260111/e078ee36/attachment-0001.eml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 411 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20260111/e078ee36/attachment-0001.sig>
More information about the pkg-gnome-maintainers
mailing list