Hi Adam, hi Alexander, On Fri, Jan 01, 2021 at 06:20:32PM +0000, Adam D. Barratt wrote: > Hi, > > On Fri, 2021-01-01 at 14:21 +0100, Salvatore Bonaccorso wrote: > > Uplaoding 1.2.1+dfsg-1 + CVE fix cannot work. We have already > > released 1.2.1+dfsg-2+deb10u1 in the security archives, so any > > version we pick to fix issues need to be highter, no matter if we do > > several rollbacks or only the #975372 fix. > > > > So we need in any case 1.2.1+dfsg-2+deb10u2 (no matter if "complete" > > rollback, or just the bugfix). > > > > Given the move of the logdir and systemd unit has now been done with > > the DSA, I think my preference would be to only just address the > > "fallout" from the logdir move and so adress #975372. > > > > Adam D. Barratt is Cc'ed in this message, who is a stable release > > managers in case he would like to indicate a preference. > > > > Adam would that be fine with you with your SRM hat on, to let all the > > -2 changes pass to stable (agreeing that that would usually not be > > stable material under normal cicumstances) and so just address the > > introduced #975372? > > As you say, such changes would not normally be considered as part of a > stable update. However, given that they've already been published via > the security archive and as such been on user systems for a month or so > by this stage, I think attempting to walk back the additional changes > now is likely to cause us more pain than just going with them, and > hoping that #975372 is the only issue caused as a result.
Thanks and thanks Alexander for the upload. Regression update has just been sent out. Regards, Salvatore