On Wed, Oct 16, 2019 at 11:59:07PM +0200, Romain Francoise wrote: > On Wed, Oct 16, 2019 at 9:48 PM Salvatore Bonaccorso <car...@debian.org> > wrote: > > Ideally given the issues are denial of service issues, this would have > > been okay via a point release. But we discussed this coincidentally in > > the team concluding we could as well release it via security. But we > > were thinking of postponing it a bit yet to see if some bug > > reports/regression reports did appear after the unstable version was > > exposed. > > Ah, okay. 4.9.3~git20190901-1 included significant packaging changes > to drop root privileges by default, is that appropriate for an upload > via security? (If so, it is my preferred avenue to reach stable users, > as point releases aren't very frequent.)
IMHO for stretch-security/buster-security we should rather rebase the old 4.9.2ish packages to 4.9.3, given that it creates new system users etc. it seems not really suitable for a security update. > > Can you prepare updates for buster-security and stretch-security? > > I don't have much free time these days but I will try to get this done > over the week-end. Ack, thanks. Cheers, Moritz