On Wed, Apr 30, 2014 at 10:44 AM, Salvatore Bonaccorso <car...@debian.org> wrote: > fixed 743960 2.0-2+deb7u1 > fixed 743960 2.0-2.1 > thanks
Indeed, sorry for the mess. > On Wed, Apr 30, 2014 at 08:47:00AM +0200, Mathieu Malaterre wrote: >> Control: reopen -1 >> >> carnil, 2.0-2+deb7u1 was prepared before CVEs were published (before >> 2.1 was release). There is no sense to upload 2.0-2.1, it would have >> been easier to upload 2.1 directly... > > Hmm, could you elaboreate what is wrong in your opionion what I did? > > The security team was aware of this issue before the the issue was > made public. Moritz uploaded 2.0-2+deb7u1 to be relased as a DSA > (https://www.debian.org/security/2014/dsa-2900). My upload was to have > the same fix also for testing and unstable. So the bug is also fixed > now in testing and unstable. > > I though agree that a new upstream version should also be uploaded. There is nothing /wrong/ per se. AFAIK there is no urgency to fix CVE(s) in testing/sid. Packager will now need to integrate your upload in its history, which may delay 2.1 release even further. And as a result 2.1 will be identical to 2.0-2+deb7u1, except it would have been 'cleaner' from my point of view. 2cts -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org