[Pkg-privacy-maintainers] Bug#1008164: RM: obfs4proxy/0.0.8-1
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 14 18:37:08 BST 2024
Hi,
On Wed, Aug 14, 2024 at 08:54:51AM +0200, Clément Hermann wrote:
> Hi,
>
> Sorry, the emails went to a strange filter. Pinging on IRC was a good move.
> ;)
:-) glad it was of help!
> Le 12/08/2024 à 22:38, Adam D. Barratt a écrit :
> > Re-ping, given that we're less than three weeks from the final bullseye
> > point release.
> >
> > Regards,
> >
> > Adam
> >
> >
> > On Mon, 2024-07-08 at 19:24 +0100, Jonathan Wiltshire wrote:
> > > Hi,
> > >
> > > Ping on this? Adding the maintenance list as well.
> > >
> > > Thanks.
> > >
> > > On Sat, Aug 05, 2023 at 11:05:52PM +0200, Moritz Mühlenhoff wrote:
> > > > Am Mon, Jul 31, 2023 at 08:05:29AM +0100 schrieb Jonathan
> > > > Wiltshire:
> > > > > Hi,
> > > > >
> > > > > On Mon, Jul 04, 2022 at 07:36:12PM +0100, Adam D. Barratt wrote:
> > > > > > Control: retitle -1 RM: obfs4proxy -- RoM; security issues
> > > > > > Control: tags -1 + moreinfo
> > > > > >
> > > > > > On Sat, 2022-03-26 at 21:21 +0100, Paul Gevers wrote:
> > > > > > > Control: tag -1 bullseye
> > > > > > >
> > > > > > > Hi Ana,
> > > > > > >
> > > > > > > On 23-03-2022 13:13, Ana Custura wrote:
> > > > > > > > Opening this bug after a recomendation from debian-
> > > > > > > > security.
> > > > > > > > Version 0.0.8 of obfs4proxy has a security bug, which has
> > > > > > > > only been
> > > > > > > > fixed in a later
> > > > > > > > version (0.0.13, see bug number #1004374), and also suffers
> > > > > > > > from
> > > > > > > > incompatibilty issues
> > > > > > > > with later versions of the package. Version 0.0.13 is
> > > > > > > > already in
> > > > > > > > bullseye-backports.
> > > > > > >
> > > > > > > So this want's removal from bullseye, setting the right tag
> > > > > > > to have
> > > > > > > it on the radar of the SRM.
> > > > > >
> > > > > > obfs4proxy has a reverse-dependency in bullseye:
> > > > > >
> > > > > > Checking reverse dependencies...
> > > > > > # Broken Depends:
> > > > > > onionshare: onionshare
> > > > > >
> > > > > > Dependency problem found.
> > > > >
> > > > > This remains unresolved - obfs4proxy cannot be removed while
> > > > > onionshare
> > > > > depends on it. Security team - is removal your recommendation?
> > > > > How can the
> > > > > dependency be resolved?
> > > >
> > > > Let's add the onionshare maintainer to CC.
> > > >
> > > > In #1004375 onionshare demoted the dependency on obfs4proxy to a
> > > > Recommends,
> > > > can we apply the same to onionshare 2.2 from Bullseye?
>
> In my opinion, it should work. I hope to be able to test later today and
> will report then.
Ack! Just a reminder: Just make sure we have the uploads in place
before 25th of august, where the window for uploads closes for the
last point release.
Regards,
Salvatore
More information about the Pkg-privacy-maintainers
mailing list