[Pkg-privacy-maintainers] Bug#1008164: RM: obfs4proxy/0.0.8-1

Clément Hermann nodens at debian.org
Wed Aug 14 07:54:51 BST 2024


Hi,

Sorry, the emails went to a strange filter. Pinging on IRC was a good 
move. ;)


On 12/08/2024 at 22:38, Adam D. Barratt wrote:
> Re-ping, given that we're less than three weeks from the final bullseye
> point release.
> 
> Regards,
> 
> Adam
> 
> 
>   On Mon, 2024-07-08 at 19:24 +0100, Jonathan Wiltshire wrote:
>> Hi,
>>
>> Ping on this? Adding the maintenance list as well.
>>
>> Thanks.
>>
>> On Sat, Aug 05, 2023 at 11:05:52PM +0200, Moritz Mühlenhoff wrote:
>>> On Mon, Jul 31, 2023 at 08:05:29AM +0100, Jonathan Wiltshire wrote:
>>>> Hi,
>>>>
>>>> On Mon, Jul 04, 2022 at 07:36:12PM +0100, Adam D. Barratt wrote:
>>>>> Control: retitle -1 RM: obfs4proxy -- RoM; security issues
>>>>> Control: tags -1 + moreinfo
>>>>>
>>>>> On Sat, 2022-03-26 at 21:21 +0100, Paul Gevers wrote:
>>>>>> Control: tag -1 bullseye
>>>>>>
>>>>>> Hi Ana,
>>>>>>
>>>>>> On 23-03-2022 13:13, Ana Custura wrote:
>>>>>>> Opening this bug after a recommendation from debian-security.
>>>>>>> Version 0.0.8 of obfs4proxy has a security bug, which has only been
>>>>>>> fixed in a later version (0.0.13, see bug number #1004374), and also
>>>>>>> suffers from incompatibility issues with later versions of the package.
>>>>>>> Version 0.0.13 is already in bullseye-backports.
>>>>>>
>>>>>> So this wants removal from bullseye, setting the right tag
>>>>>> to have
>>>>>> it on the radar of the SRM.
>>>>>
>>>>> obfs4proxy has a reverse-dependency in bullseye:
>>>>>
>>>>> Checking reverse dependencies...
>>>>> # Broken Depends:
>>>>> onionshare: onionshare
>>>>>
>>>>> Dependency problem found.
>>>>
>>>> This remains unresolved - obfs4proxy cannot be removed while
>>>> onionshare
>>>> depends on it. Security team - is removal your recommendation?
>>>> How can the
>>>> dependency be resolved?
>>>
>>> Let's add the onionshare maintainer to CC.
>>>
>>> In #1004375 onionshare demoted the dependency on obfs4proxy to a
>>> Recommends,
>>> can we apply the same to onionshare 2.2 from Bullseye?

In my opinion, it should work. I hope to be able to test later today and 
will report then.

Anyway, I really hope no user (or Debian derivative) relying on 
obfs4proxy is still using bullseye.

Cheers
-- 
nodens



