On Fri, May 02, 2008 at 04:56:45PM +0200, Thijs Kinkhorst wrote: > On Sat, April 19, 2008 09:57, Andreas Barth wrote: > > So, the only on-topic question is: Do we want 1.4.9 in Lenny, and I need > > to say that I didn't read any convincing argument for that to happen yet. > > So I don't see release team pressure on uploading a new version. > > Judging from the changelog I don't see a reason to push for 1.4.9 now. But > reviewing the security status of a freshly installed lenny system, I found > that gpg is still installed setuid root unnecessarily. See #346597 and > friends. > > I think it's important to fix that bug. Reading Lenny RC policy 5(b), I > think this is release critical although the bug isn't marked as such (let > me know if you want me to upgrade it). If it helps, Ubuntu has removed the > setuid bit since Nov 2004. > > Therefore I plan to do an NMU soon to fix this bug. Although not > officially frozen I'd like to have the input of the release team whether > they think such a change is acceptable at this time. Also Laszlo, if you > object to such an NMU, please let me know.
An upload fixing bug #346597 looks acceptable. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
