[Secure-testing-team] Re: summary of what's blocking security fixes
Nathanael Nerode
neroden at twcny.rr.com
Wed Sep 14 04:02:29 UTC 2005
Joey Hess wrote:
>RM summary: m68k is killing us with ICE after ICE and contributing to
>blocking hald of the fixes. The transitions arn't hurting as much after
>the last heroic britney run, although kde/qt is of course a problem.
Time to declare m68k broken.
>Testing team summary: well, of these asterisk, inkscape, some kde stuff,
>lm-sensors, mysql-dfsg-4.1, and texmacs seem like the most likely
>candidates for upload to secure-testing, although some of the holes may
>not warrant a DTSA.
>
>asterisk
> 30 days old
> blocked indirectly by qt transition
Deserves a secure-testing upload.
>inkscape
> 20 days old
> blocked by libsigc++-2.0
To quote Steve Langasek:
# waits for efax-gtk,timfx to be build on m68k,
# gnomoradio,libgdamm1.3,libpanelappletmm2.6,lostirc,quickplot transitioned
Bugs have been filed against the packages needing transitioned uploads.
NMUs are a good idea too.
This cluster could go in in a week or less, so it may not be worth a security
upload.
>lm-sensors
> 23 days old
> indirectly blocked by perl
Hmm. No idea how long perl will take, so this probably deserves an upload
if the vulnerability is serious enough.
>mozilla (partially fixed in secure-testing)
> 41 days old, AKA, is this package being maintained?
Clearly not.
> rc bugs, FTBDS, etc
>ntp
> 177 days old
> 3 RC bugs, max 98 days old, none with responses from maintainers
> recommend removal from testing (and/or debian)
Good grief. And it's team-maintained, too.
CC:ing all maintainers.
I'd hate to see this drop out of Debian. Shall I prepare an NMU?
>openmotif
> 106 days old
> non-free package, still missing s390 build
> (I tried and failed to build this on raptor, machine is too
> unstable.)
Drop from testing?
--
Nathanael Nerode <neroden at twcny.rr.com>
This space intentionally left blank.
More information about the Secure-testing-team
mailing list