Thanks Steve, In conclusion, we should ship libosip2 2.0.6 with sarge. And I will fix for 2.0.6. It includes a potential security risk. It is same as #305729.
> Well, this tells me that we should not ship libosip2 2.0.6 with sarge, > whether or not we decide to allow 2.2.0 in. > - libosip2-3 was accepted into unstable on March 19 > - even though siproxd, its *one* reverse-dependency in testing, was > uploaded on March 23, it remained RC-buggy until April 24, when I > sponsored an upload on behalf of the maintainer (after pestering him on > IRC) > - by which point, a new upstream version of libosip2 had been uploaded, > blocking the progression of the fixed siproxd into testing; > - and three days later, libosip2 was uploaded again, with the only change > being to change the maintainer field, ensuring that neither package > would get in before we froze! Sorry. I caused these problems. > - and all the while, there is apparently no releasable version of siproxd > in testing, according to bug #304691 which reports that both the > unstable and testing versions segfault, which apparently no one bothered > to report even though the package that was in testing at the time was > seven months old! Sorry. I don't understand status of siproxd. > So I am not very sympathetic to requests that either of these packages be > given freeze exceptions, and I'm also not confident that either package is > being maintained very well right now. I understand. -- ARAKI Yasuhiro A Debian Official Developer <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
