[Pkg-netatalk-devel] CVE fixes for netatalk in oldstable
Jonas Smedegaard
jonas at jones.dk
Fri Sep 1 20:30:01 BST 2023
Quoting Daniel Markstedt (2023-09-01 07:44:24)
> ------- Original Message -------
> On Thursday, August 31st, 2023 at 12:20 AM, Jonas Smedegaard <jonas at jones.dk> wrote:
>
> > > Good idea to increase the severity of the ticket. Done!
> >
> >
> > Good. But oddly, Adam lowered severity again 6 hours later, without
> > explanation.
> >
> > I suggest that you post to the bugreport, X-Debbugs-Cc him, to (kindly!)
> > ask for clarification. But read below about X-Debbugs-Cc...
> >
>
> Frankly, I'm leaning towards not responding right now.
> He told me to be patient. I can be patient. :)
> Maybe in a week or two I'll ask for an update.
>
> The lack of a sense of urgency for fixing known security issues is a bit surprising though.
> I wonder if they will respond differently to 0-day fixes?
Well, when I file a bugreport using reportbug and I flag it as
security-related, then it gets Cc'ed the security team - I guess that
would be the case also for your reporting bugs to the pseudo-package
release.debian.org - and it is my understanding that the release time
governs stability and the security governs security of Debian.
In other words: Perhaps the release team is calm because netatalk
currently contain no issues flagged as release-criticallly severe
(except for bug#1025011 which affects neither stable nor oldstable).
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-netatalk-devel/attachments/20230901/2c62a9d4/attachment.sig>
More information about the pkg-netatalk-devel
mailing list