On 2019-05-20 Paul Gevers <elb...@debian.org> wrote: > On 19-05-2019 10:33, Andreas Metzler wrote: >> I probably could try to pick the CVE related changes and other important >> bug-fixes, however I do not think it is the right choice. The changes >> will be smaller but the risk of breakage is higher.
> Can you explain why do you believe that? >> Also 3.6.7 now has >> been tested in sid for almost two months now. > Ack. Hello Paul, well, apart from the two CVE fixes there are many bugfixes in this release that we probably want, e.g. https://gitlab.com/gnutls/gnutls/issues/690 https://gitlab.com/gnutls/gnutls/issues/689 https://gitlab.com/gnutls/gnutls/issues/713 https://gitlab.com/gnutls/gnutls/issues/698 etc. Most of these are related to TLS 1.3. - They might not show up as bug reports now because it TLS1.3 is not that common yet but will propably cause issues later in buster's lifetime. And the more fixes there the more error-prone complicated cherry-picking s going to be. >>> You bumped the debhelper compat level. That isn't a change we find >>> acceptable during the freeze. >> >> I will immediately revert this if it helps. > I don't have enough experience yet with reviewing unblocks, that I feel > comfortable reviewing and unblocking the current package, so if your > insisting on the whole, somebody else will have to do the review. I am > sure this revert will be a requirement though. The revert has been in sid for a week now. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'