[Pkg-shadow-devel] Wheezy update of shadow?

Bálint Réczey balint at balintreczey.hu
Sun Jul 24 21:26:46 UTC 2016


(removing LTS list since it is not LTS related)

Hi Serge & Shadow Maintainers,

2016-07-23 22:02 GMT+02:00 Bálint Réczey <balint at balintreczey.hu>:
> Hi Serge & All,
>
> 2016-07-21 16:16 GMT+02:00 Serge E. Hallyn <serge at hallyn.com>:
>> Quoting Christian PERRIER (bubulle at debian.org):
>>> Quoting Chris Lamb (lamby at debian.org):
>>> > Hello dear maintainer(s),
>>> >
>>> > the Debian LTS team would like to fix the security issues which are
>>> > currently open in the Wheezy version of shadow:
>>> > https://security-tracker.debian.org/tracker/CVE-2016-6251
>>> > https://security-tracker.debian.org/tracker/CVE-2016-6252
>>> >
>>> > Would you like to take care of this yourself?
>>>
>>> There is probably zero chance that this happens. I handed over the
>>> maintenance of shadow to the "team" but the movement is very slow. So
>>> I suspect that nearly nothing will happen.
>>>
>>> As for Nicolas, he is pretty much inactive for years now, so don't
>>> expect more from his side.
>>>
>>>
>>> So, well, even though I'm not happy to send such news, this is more
>>> or less the reality nowadays.
>>
>> Dimitri, are you able to help here?
>>
>> I had a candidate package up on mentors for awhile for a new release
>> (https://mentors.debian.net/debian/pool/main/s/shadow/shadow_4.3-1~b1.dsc).
>> Would be great if someone would either test that and fix it up / push, or
>> start over and ditch my work if they prefer.
>
> I'll check the package tomorrow, both the new release and an update for Wheezy.

It seems Serge that you have taken over shadow maintenance and continued
development on GitHub [1], but the homepage on Alioth does
not list new releases [2] and also has a lot of outdated information.

The package on mentors does point to the packaging repo but the repo
does not have the commits.
Could you please join the packaging team on alioth and continue
packaging in the repo there?
I would happily sponsor your changes then.

Regarding the package itself, I think you can use the 4.3-1 version
number if you join the team, and cleaning up the lintian
warnings/errors would also be nice.
You could also add yourself to the Uploaders list.

Cheers,
Balint

[1] https://github.com/shadow-maint/shadow
[2] http://pkg-shadow.alioth.debian.org/


