Your message dated Sat, 14 Mar 2015 10:43:18 +0100
with message-id <[email protected]>
and subject line Re: Bug#780388: RM: trafficserver/5.0.1-1
has caused the Debian Bug report #780388,
regarding RM: trafficserver/5.0.1-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
780388: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780388
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: rm
Hello,
Considering that trafficserver is currently affected by 3 security bugs
(CVE-2014-3624, CVE-2014-10022 (#778895) and #749846) fixed in Sid but
which was not uploaded on time to testing before the freeze, and that
these bugs cannot be easily fixed, it would probably be better to remove
it from testing as suggested by Arno Töll, the maintainer of
trafficserver, on #778895:
"However, the Release Team was uncomfortable to unblock that package
(cf. #769689). I'm afraid, that we better ask for removal of that
package in Testing rather than bothering with it, as we - as
maintainers - cannot guarantee for the security of it already, even
less so over the lifespan of a Debian Release, and upstream is moving
faster than us."
Thanks in advance.
Regards,
--
Arnaud Fontaine
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
On 2015-03-13 09:29, Arnaud Fontaine wrote:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: rm
>
> Hello,
>
> Considering that trafficserver is currently affected by 3 security bugs
> (CVE-2014-3624, CVE-2014-10022 (#778895) and #749846) fixed in Sid but
> which was not uploaded on time to testing before the freeze, and that
> these bugs cannot be easily fixed, it would probably be better to remove
> it from testing as suggested by Arno Töll, the maintainer of
> trafficserver, on #778895:
>
> "However, the Release Team was uncomfortable to unblock that package
> (cf. #769689). I'm afraid, that we better ask for removal of that
> package in Testing rather than bothering with it, as we - as
> maintainers - cannot guarantee for the security of it already, even
> less so over the lifespan of a Debian Release, and upstream is moving
> faster than us."
>
> Thanks in advance.
>
> Regards,
>
Ack, I have added a removal hint for trafficserver. Hopefully things
will look better for Stretch.
Thanks,
~Niels
--- End Message ---
