The new version is in mantic now
** Changed in: policykit-1 (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1972654
Title:
[security review] Sync policykit-1 121+compat0.1-5 (main) from Debian
unstable
Status in policykit-1 package in Ubuntu:
Fix Released
Bug description:
Please sync policykit-1 121+compat0.1-5 (main) from Debian unstable
for Ubuntu 23.04
Changelog entries since current kinetic version 0.105-33:
https://metadata.ftp-master.debian.org/changelogs/main/p/policykit-1/policykit-1_121%2Bcompat0.1-4_changelog
In particular, see the 0.120-4 changelog entry.
I am filing a bug for Security Team review.
Previously, Debian and Ubuntu developers agreed to keep using
the last version of policykit before it switched to using JavaScript rules.
But that was years ago. I believe Debian & Ubuntu are the only distros
to have opted out of the new policykit. It is harder to maintain
the old style rules when upstream rules use the new format. And it is
a challenge to backport security and other bugfixes from the new
series, without making mistakes or missing important details.
There was a proposal to use duktape instead of mozjs for the JavaScript
interpreter but I don't think that's been merged yet.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
