On Wed, Mar 14, 2007 at 02:03:42PM +0100, Frans Pop wrote:
> On Wednesday 14 March 2007 12:29, Steve Langasek wrote:
> > > However, etch still has 1.4.6-1, and no freeze exception has been
> > > requested.

> > But it has been granted.

> Note that this means gpgv-udeb is now out of sync between D-I initrds and
> udebs. I discussed this with aba on IRC yesterday and did not ack the
> unblock for that reason. I would have much preferred if this had gone
> through security.d.o, but in the end it is up to RM.

So at this point, the udebs we have in the prospective d-i rc2 initrds that
we know we want to get fixes in yet for the .debs are atk1.0, gnupg, and
udev. The gnupg bug is a security bug, so an alternate update path is
available; atk1.0 /might/ be ignorable on the grounds that the scope of the
bug is limited to users of screenreaders using a translation in
indeterminate circumstances; but the udev problem seems to be fairly
widespread in the hardware it would potentially affect, which I think tips
the balance in favor of stashing those udebs somewhere for the release and
allowing the updates into testing.

AJ, can the ftp team make libatk1.0-udeb 1.12.4-2, udev-udeb 0.105-3, and
gpgv-udeb 1.4.6-1, with sources, persistently available in a separate suite
to allow updates to go into testing? It would be ideal if we had this in
place by the 20th, so that at least anyone installing from
netboot/netinst/businesscard can get the updated atk1.0 so we have more
opportunity for feedback on anything that's gone wrong.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

