[pkg-gnupg-maint] stretch-pu: package gnupg2/2.1.18-8~deb9u3
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Oct 14 23:58:33 BST 2018
Hi release team, security team:
over in #910398, i wrote:
On Fri 2018-10-05 17:48:10 -0500, Daniel Kahn Gillmor wrote:
> I'd like to update the version of GnuPG in debian stable with a series
> of targeted bugfixes (most of which are backported from upstream).
>
> There are four complementary reasons, which i explain in more detail
> below:
>
> * ptrace hardening for scdaemon
> * bugfixes that target some common workflows
> * updating cryptographic defaults
> * fixing enigmail in stretch
>
> All of the patches that implement these changes have been in buster
> for many months (either as upstream improvements or debian-specific
> improvements).
I'd appreciate some followup on this from the debian teams -- am i
barking up the wrong tree? should i take a different approach? or do i
(and the stretch users of enigmail) just need to wait a little while
longer for review?
Many thanks for your work in keeping debian stable safe, healthy, and
useful.
Regards,
--dkg
PS thanks to Georg for his testing of these changes, as noted in
#910398!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20181014/fa3816d3/attachment.sig>
More information about the pkg-gnupg-maint
mailing list