[Secure-testing-team] py-asterisk REMOVED from testing

Luk Claes luk at debian.org
Mon Oct 15 09:26:53 UTC 2007


Faidon Liambotis wrote:
> Luk Claes wrote:
>> Because asterisk maintainers apparently aren't interested in making 
>> sure stable and secure packages reach testing as this is already taking 
>> months and even before the release these packages were more than once in 
>> a very bad shape, I thought they wouldn't mind... I guess I was wrong, 
>> though I can still be convinced to remove all their packages from 
>> testing if I was right after all...
>> <snip>
>> Please, pretty please can someone preferably more than one take care of 
>> the VOIP packages appropriately so removals of testing and release team 
>> wasting time on them is not necessary anymore, TIA!
> I have tried fixing all of the security bugs of asterisk.
> We've already had security uploads on both sarge and etch recently
> (DSA-1358-1)
> 
> Unfortunately, asterisk in lenny was FTBFSing because of missing or
> changed dependencies so I couldn't make an upload to testing-security,
> even though the version is exactly the same as of etch.

It was FTBFSing because of a removed build dependency which apparently 
was fixed in unstable but not in testing...

> Since then, I'm trying to get asterisk to migrate with no success.
> We've had many problems unrelated to asterisk itself that we had to fix or
> work around, such as a binutils bug (#440015), a gcc-4.2 bug (#445336)
> and, of course, the lbl128 transition.

Which is of course a bit late, but thanks for trying to sort out the 
mess anyway!

> Asterisk is quite hard to get to testing because of the vast amount of
> build-deps. Right now, it's blocked by net-snmp, perl, krb5 and gtk-2.0.

That means you should try to get a stable version into testing and keep 
that maintained for library transitions while you prepare and stabilise 
a next candidate for stable (new upstream and/or less important changes) 
in experimental and coordinate with maintainers of these build-deps on 
when it's a good time to upload it to unstable... IMHO

> If you think there are some other pending issues, please say so and I
> will handle them personally.

The issue now is that people cannot install asterisk in testing and 
people who already have it installed have a vulnerable version... though 
I'm confident you'll try to fix that ;-)

Cheers

Luk


