Your message dated Mon, 22 Mar 2021 21:10:31 +0100
with message-id <[email protected]>
and subject line Re: Bug#983876: unblock: otrs2/6.0.32-1
has caused the Debian Bug report #983876,
regarding unblock: otrs2/6.0.32-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
983876: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983876
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Hello release team,

I try to cite from my mails to the security team; it's about #982927:


Yesterday I had a videocall with the owner and lead developer of OTOBO. They
want to support me keeping the otrs2 source package in a good shape for
Bullseye, so that users of the package don't have to worry now.
Kicking the package out of Debian would not be optimal.
They also showed me https://github.com/znuny/Znuny (https://www.znuny.com/) -
they also forked OTRS CE 6 and are fixing bugs and security bugs, also all
known open bugs in CVE/Debian atm. So the plan would be now:
* Switch the source of the otrs2 package to the znuny one, so that we have
  releases based on an open(source) maintained safe codebase => can I get the
  go from you for that?
* otrs packaging at all is obsolete for bullseye+1. I will package otobo, also
  with otobo support, and we will work on an easy way so that users later can
  migrate from otrs to otobo
We also spoke about the open security issues, there is indeed one in the
CKEditor, but:
#980891:
The way otrs uses this library it should not be possible to attack the user,
mostly only the attacker himself
#982586:
That's wrong information from the OTRS AG, because it does not affect otrs 6
CE.
It depends on you using an external interface, which is available in OTRS 7
and 8 (not free) and maybe in the not-free otrs 6 package via addon, but not
in the community edition, which is also packaged in Debian.

XXXXXX itself is not helpful at all anymore and just wrote me **************
I hope switching as fast as possible to the znuny fork for the otrs2 source
package is also an option for you, I don't want to release bullseye without it

-----

I just uploaded the otrs2 6.0.32 package to experimental.  Could I have your
ACK for bullseye? :-)

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Hi Patrick,

Unblocked.

Paul

--- End Message ---
