[Pkg-netatalk-devel] More patches to flag as submitted upstream
Jonas Smedegaard
jonas at jones.dk
Thu May 4 06:06:50 BST 2023
Quoting Daniel Markstedt (2023-05-04 03:57:28)
> > The judgement is not so much the specific CVEs as it is a network-facing
> > service with a history of ongoing CVEs being maintained effectively by
> > only one person.
>
> Fair enough. I can understand that the state of the project didn't look good
> when they made that call. So when does the release team start considering
> packages for inclusion again? Mid 2025? Anything special you have to do
> to make them take a second look at packages that were discarded in a prior
> release cycle?
We should simply be generally attentive to the package, at all times.
Concretely, it would be great if you could look into cherry-picking the
fixes for severe bugs (notably the CVEs) as patches for stable and
oldstable.
> BTW, I saw in your changelog commit:
>
> > [ upstream ]
> > * new release
> > + fixes CVE-2022-45188 CVE-2022-45188;
>
> Shouldn't this be:
>
> "fixes CVE-2022-43634 CVE-2022-45188"
Whoops. Indeed - good catch!
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones
[x] quote me freely [ ] ask before reusing [ ] keep private