[Pkg-shadow-devel] Wheezy update of shadow?
Serge E. Hallyn
serge at hallyn.com
Tue Jul 26 12:50:48 UTC 2016
Quoting Bálint Réczey (balint at balintreczey.hu):
> (removing LTS list since it is not LTS related)
>
> Hi Serge & Shadow Maintainers,
>
> 2016-07-23 22:02 GMT+02:00 Bálint Réczey <balint at balintreczey.hu>:
> > Hi Serge & All,
> >
> > 2016-07-21 16:16 GMT+02:00 Serge E. Hallyn <serge at hallyn.com>:
> >> Quoting Christian PERRIER (bubulle at debian.org):
> >>> Quoting Chris Lamb (lamby at debian.org):
> >>> > Hello dear maintainer(s),
> >>> >
> >>> > the Debian LTS team would like to fix the security issues which are
> >>> > currently open in the Wheezy version of shadow:
> >>> > https://security-tracker.debian.org/tracker/CVE-2016-6251
> >>> > https://security-tracker.debian.org/tracker/CVE-2016-6252
> >>> >
> >>> > Would you like to take care of this yourself?
> >>>
> >>> There is probably zero chance that this happens. I handed over the
> >>> maintenance of shadow to the "team" but the movement is very slow. So
> >>> I suspect that nearly nothing will happen.
> >>>
> >>> As for Nicolas, he is pretty much inactive for years now, so don't
> >>> expect more from his side.
> >>>
> >>>
> >>> So, well, even though I'm not happy to send such news, this is more
> >>> or less the reality nowadays.
> >>
> >> Dimitri, are you able to help here?
> >>
> >> I had a candidate package up on mentors for awhile for a new release
> >> (https://mentors.debian.net/debian/pool/main/s/shadow/shadow_4.3-1~b1.dsc).
> >> Would be great if someone would either test that and fix it up / push, or
> >> start over and ditch my work if they prefer.
> >
> > I'll check the package tomorrow, both the new release and an update for Wheezy.
>
> It seems Serge that you have taken over shadow maintenance and continued
> development on GitHub [1], but the homepage on Alioth does
> not list new releases [2] and also has a lot of outdated information.
>
> The package on mentors does point to the packaging repo but the repo
> does not have the commits.
> Could you please join the packaging team on alioth and continue
I'll try,
> packaging in the repo there?
You mean http://anonscm.debian.org/cgit/pkg-shadow/shadow.git/ right?
> I would happily sponsor your changes then.
>
> Regarding the package itself I think you can use the 4.3-1 version
> number if you join the team and
> cleaning up the lintian warnings/error would also be nice.
I'll see about addressing some of the lintian warnings.
> You could also add yourself to the Uploaders list.
Ok, will do.
thanks,
-serge