Bug#1031046: Request to close
Matthias Urlichs
matthias at urlichs.de
Mon Apr 14 10:50:28 BST 2025
On 14.04.25 11:15, Jonas Smedegaard wrote:
> what the
> security team requested by filing this bugreport is that we *first*
> demonstrate capability in handling CVEs, and only *then* re-add the
> package to stable Debian.
Counterpoint: We cannot reasonably demonstrate our capability to handle
CVEs for stable (or Testing) when the package is not in Stable (or
Testing) in the first place.
All we can do is offer our commitment to do so.
Besides, Asterisk had a whopping three advisories last year, which is
significantly less than 12 (and significantly less than when the bug was
created). That alone should simplify the job by a whole lot, as do the
recent packaging improvements.
Asterisk is by now far from the worst offender in this space.
> Also, freeze is tomorrow, and it takes at a minimum 3 days for a package
> to enter testing, so even if we somehow demonstrated capability today,
> we would still be too late to include it.
We could always ask for an exception.
--
-- regards
--
-- Matthias Urlichs