Need help with asterisk?
Jonas Smedegaard
dr at jones.dk
Tue Oct 11 09:38:17 UTC 2016
Quoting Bernhard Schmidt (2016-10-11 10:35:38)
> On Sat, Oct 08, 2016 at 09:21:47PM +0200, Bernhard Schmidt wrote:
>
> > > Best would be if you can try look into squashing security-related
> > > bugs in stable and oldstable. Or I could could prepare that and
> > > you can take the dialogue with the release team to get permission
> > > for releasing it.
> >
> > I'll have a look at the one open security issue in stable, maybe I
> > can wrap something up that fixes AST-2016-007. Never dealt with the
> > security team either.
>
> I'm in contact with the security team and we should have a DSA pretty
> soon.
Great!
> The only question now is how to deal with the git repo. The jessie
> branch
> (https://anonscm.debian.org/cgit/pkg-voip/asterisk.git/log/?h=jessie)
> has unreleased changes that won't be eligible for security.
>
> How should I deal with this?
>
> - revert the patches in the jessie branch and put the security patches
> on top
> - add a jessie-security branch
> - force-push the jessie branch to an older commit
>
> I think the last option would break everyones clone, so that's a
> no-go. I'm leaning to option #1. Any opinion?
I have not yet looked at it, and was not the one pushing those changes.
Therefore I suggest to do #2: That's the most conservative option and we
can later merge to option #1 from there.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20161011/b225010b/attachment.sig>
More information about the Pkg-voip-maintainers
mailing list