On Wed, Oct 16, 2019 at 11:59:07PM +0200, Romain Francoise wrote:
> On Wed, Oct 16, 2019 at 9:48 PM Salvatore Bonaccorso <car...@debian.org>
> wrote:
> > Ideally given the issues are denial of service issues, this would have
> > been okay via a point release. But we discussed this coincidentally in
> > the team concluding we could as well release it via security. But we
> > were thinking of postponing it a bit yet to see if some bug
> > reports/regression reports did appear after the unstable version was
> > exposed.
>
> Ah, okay. 4.9.3~git20190901-1 included significant packaging changes
> to drop root privileges by default, is that appropriate for an upload
> via security? (If so, it is my preferred avenue to reach stable users,
> as point releases aren't very frequent.)
IMHO for stretch-security/buster-security we should rather rebase the old
4.9.2ish packages to 4.9.3, given that it creates new system users etc.
it seems not really suitable for a security update.
> > Can you prepare updates for buster-security and stretch-security?
>
> I don't have much free time these days but I will try to get this done
> over the week-end.
Ack, thanks.
Cheers,
Moritz
