Hi,

On Thu, 11 Mar 2010, Sven Joachim wrote:
> since the upcoming 1.15.6 release is supposed to be targeted at
> experimental, I think it would be a good idea to fix the recently
> spotted path traversal/symlink vulnerabilities of dpkg-source in sid as
> well.

Well, it should not stay in experimental for too long IMO. And the security issue is minor when dpkg-source is not employed in some automatic setup (dak setup for example). So I think we can avoid that sid upload.

On the other hand, I wonder what to do with further work and translations. It's likely that 1.15.6 is the last major update to sid targeting squeeze. So when do we switch to "freeze mode" where translations are updated in the sid/squeeze branch and where master points to the next version 1.16.x?

Cheers,
-- 
Raphaël Hertzog

Like what I do? Sponsor me: http://ouaza.com/wp/2010/01/05/5-years-of-freexian/
My Debian goals: http://ouaza.com/wp/2010/01/09/debian-related-goals-for-2010/

Archive: http://lists.debian.org/20100311100626.gb...@rivendell

