[Secure-testing-team] py-asterisk REMOVED from testing

Faidon Liambotis paravoid at debian.org
Mon Oct 15 09:06:13 UTC 2007


Luk Claes wrote:
> Because asterisk maintainers apparantly aren't interesting in making 
> sure stable and secure packages reach testing as this is already taking 
> months and even before the release these packages were more than once in 
> a very bad shape, I thought they wouldn't mind... I guess I was wrong, 
> though I can still be convinced to remove all their packages from 
> testing if I was right after all...
><snip>
> Please, pretty please can someone preferably more than one take care of 
> the VOIP packages appropriately so removals of testing and release team 
> wasting time on them is not necessary anymore, TIA!
I have tried fixing all of the security bugs of asterisk.
We've already had security uploads on both sarge and etch recently
(DSA-1358-1)

Unfortunately, asterisk in lenny was FTBFSing because of missing or
changed dependencies so I couldn't make an upload to testing-security,
even though the version is exactly the same as of etch.

Since then, I'm trying to get asterisk to migrate with no success.
We've had many problems unrelated to asterisk itself that had to fix or
workaround, such as a binutils bug (#440015) a gcc-4.2 bug (#445336)
and, of course, the lbl128 transition.

Asterisk is quite hard to get to testing because of the vast amount of
build-deps. Right now, it's blocked by net-snmp, perl, krb5 and gtk-2.0.

I had hoped that it would be in testing over a month ago and that's why
I didn't request its removal from testing.
Security team (Moritz and Stefan) were aware of that when we discussed
the upload for sarge/etch.

If you think there are some other pending issues, please say so and I
will handle them personally.

Regards,
Faidon





More information about the Secure-testing-team mailing list