Hello Laszlo, release team, On Sat, April 19, 2008 09:57, Andreas Barth wrote: > * Laszlo Boszormenyi ([EMAIL PROTECTED]) [080419 07:42]: > >> I intend to hijack GnuPG[1], but as it builds an udeb and has priority >> important, I ask if the Release Team allow it.
> So, the only on-topic question is: Do we want 1.4.9 in Lenny, and I need > to say that I didn't read any convincing argument for that to happen yet. > So I don't see release team pressure on uploading a new version. Judging from the changelog I don't see a reason to push for 1.4.9 now. But reviewing the security status of a freshly installed lenny system, I found that gpg is still installed setuid root unnecessarily. See #346597 and friends. I think it's important to fix that bug. Reading Lenny RC policy 5(b), I think this is release critical although the bug isn't marked as such (let me know if you want me to upgrade it). If it helps, Ubuntu has removed the setuid bit since Nov 2004. Therefore I plan to do an NMU soon to fix this bug. Although not officially frozen I'd like to have the input of the release team whether they think such a change is acceptable at this time. Also Laszlo, if you object to such an NMU, please let me know. cheers, Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
