Re: MySQL 5.5 EOL before Debian 8 LTS ends

2018-12-19 Thread Otto Kekäläinen
Hello! ke 19. jouluk. 2018 klo 18.01 Holger Levsen (hol...@layer-acht.org) kirjoitti: > > Also note that mariadb 10.0 is EOL in three months[2]. > > I think this rules out mariadb 10.0 as a sensible upgrade path here. > (Also, switching from mysql to mariadb in an LTS security upload???) Do we

policykit-1 CVE-2018-19788 in jessie

2018-12-19 Thread Santiago Ruano Rincón
Dear Maintainers, (It seems my first attempt to send this mail failed. Sorry if you received it twice) As opposed to stretch, I have been unable to reproduce CVE-2018-19788 in jessie. i.e. systemctl correctly doesn't allow me to stop services, and pkexec blocks me from executing applications

Re: proposed removal of Enigmail from jessie/LTS

2018-12-19 Thread Antoine Beaupré
On 2018-12-19 21:22:21, Emilio Pozuelo Monfort wrote: > Hi Antoine, > > On 19/12/2018 18:25, Antoine Beaupré wrote: >> On 2018-12-19 17:03:26, Holger Levsen wrote: >>> On Wed, Dec 19, 2018 at 11:40:07AM -0500, Antoine Beaupré wrote: >>> [...] >>> I've now also re-read this thread (for the 2nd time

Re: proposed removal of Enigmail from jessie/LTS

2018-12-19 Thread Emilio Pozuelo Monfort
Hi Antoine, On 19/12/2018 18:25, Antoine Beaupré wrote: > On 2018-12-19 17:03:26, Holger Levsen wrote: >> On Wed, Dec 19, 2018 at 11:40:07AM -0500, Antoine Beaupré wrote: >> [...] >> I've now also re-read this thread (for the 2nd time today..) and first >> I'd like to notice that all the concerns

Re: automating process for publishing DLAs on the website

2018-12-19 Thread Antoine Beaupré
On 2018-12-19 11:09:10, Antoine Beaupré wrote: > On 2018-12-19 14:58:29, Holger Levsen wrote: >> On Wed, Dec 19, 2018 at 09:52:19AM -0500, Antoine Beaupré wrote: >>> > I also note #859122 is not marked 'patch'. >>> fixed. >> >> :) >> >>> >> I've requested access as an individual, for what that's

Re: automating process for publishing DLAs on the website

2018-12-19 Thread Antoine Beaupré
On 2018-12-19 18:05:36, Antoine Beaupré wrote: > On 2018-12-19 11:09:10, Antoine Beaupré wrote: >> On 2018-12-19 14:58:29, Holger Levsen wrote: >>> On Wed, Dec 19, 2018 at 09:52:19AM -0500, Antoine Beaupré wrote: > I also note #859122 is not marked 'patch'. fixed. >>> >>> :) >>>

Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport

2018-12-19 Thread Daniel Kahn Gillmor
First off, thanks to Antoine not only for doing all this work for jessie, but for helping out with getting stretch in better shape. If we aim to support our users for an LTS distro, this is exactly the sort of thing we need done. If we're realistically talking about actually dropping support for

Accepted cargo 0.25.0-2~deb8u2 (source armel all) into oldstable

2018-12-19 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 18 Dec 2018 23:45:48 +0100 Source: cargo Binary: cargo cargo-doc Architecture: source armel all Version: 0.25.0-2~deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Rust Maintainers Changed-By: Emilio Pozuelo

Re: automating process for publishing DLAs on the website

2018-12-19 Thread Antoine Beaupré
On 2018-12-19 14:44:02, Holger Levsen wrote: > Hi Antoine, > > On Tue, Dec 11, 2018 at 10:15:15AM -0500, Antoine Beaupré wrote: [...] > I also note #859122 is not marked 'patch'. fixed. [...] >> I've requested access as an individual, for what that's worth. > > you were given access a week

Re: automating process for publishing DLAs on the website

2018-12-19 Thread Holger Levsen
Hi Antoine, On Tue, Dec 11, 2018 at 10:15:15AM -0500, Antoine Beaupré wrote: > >> How does that sound? > > sounds very good to me. thanks for your work on this so far! > Right, agreed. :) I guess the script could both parse previous emails > and future ones quite easily. yup, that would be

Re: automating process for publishing DLAs on the website

2018-12-19 Thread Holger Levsen
On Wed, Dec 19, 2018 at 09:52:19AM -0500, Antoine Beaupré wrote: > > I also note #859122 is not marked 'patch'. > fixed. :) > >> I've requested access as an individual, for what that's worth. > > you were given access a week ago, too. \o/ > yup. I guess I could just merge my own patches now...

Re: MySQL 5.5 EOL before Debian 8 LTS ends

2018-12-19 Thread Holger Levsen
Hi Emilio, thanks for bringing up this issue on the LTS list. On Mon, Dec 17, 2018 at 10:49:57AM +0100, Emilio Pozuelo Monfort wrote: > MySQL 5.5 should be EOL this month if nothing has changed, although I don't > see > an announcement on [1] yet. Maybe it will be published next month when the

Re: proposed removal of Enigmail from jessie/LTS

2018-12-19 Thread Holger Levsen
On Wed, Dec 19, 2018 at 11:40:07AM -0500, Antoine Beaupré wrote: [...] > Both Emilio and Daniel supported the idea of pushing the GnuPG 2.1 > backport. So I did that and spent most of my LTS time for december > working on the GnuPG 2.1 upload. > > I was just about to finalize the upload, based on

Re: proposed removal of Enigmail from jessie/LTS

2018-12-19 Thread Antoine Beaupré
On 2018-12-19 17:03:26, Holger Levsen wrote: > On Wed, Dec 19, 2018 at 11:40:07AM -0500, Antoine Beaupré wrote: > [...] > I've now also re-read this thread (for the 2nd time today..) and first > I'd like to notice that all the concerns were only brought up in the > last week, so it was definitly

Re: Xen 4.4 updates vs. Xen Stretch backport

2018-12-19 Thread Holger Levsen
Hi Peter, sorry for the delay in replying... On Fri, Dec 07, 2018 at 01:32:49PM +0100, Peter Dreuw wrote: > > Assuming (*) you will continue to work on xen DLAs: please apply to become > > a project member of https://salsa.debian.org/security-tracker-team/ so > > that you can push your commits

Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport

2018-12-19 Thread Holger Levsen
Hi Antoine, dkg, On Sat, Dec 15, 2018 at 01:09:39PM +0100, Moritz Mühlenhoff wrote: > On Fri, Dec 14, 2018 at 09:08:42AM +0100, Emilio Pozuelo Monfort wrote: > > However given the impact of these library updates, I was wondering > > if we have considered to just mark enigmail as EOL in jessie?

proposed removal of Enigmail from jessie/LTS

2018-12-19 Thread Antoine Beaupré
On 2018-12-19 16:21:46, Holger Levsen wrote: > Hi Antoine, dkg, > > On Sat, Dec 15, 2018 at 01:09:39PM +0100, Moritz Mühlenhoff wrote: >> On Fri, Dec 14, 2018 at 09:08:42AM +0100, Emilio Pozuelo Monfort wrote: >> > However given the impact of these library updates, I was wondering >> > if we have

Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport

2018-12-19 Thread Antoine Beaupré
On 2018-12-18 14:34:06, Emilio Pozuelo Monfort wrote: [...] > Looking at a jessie -> jessie-new diff, I see that several -dbg packages are > gone in your backports. Yes. That's because they were switched to dbgsym in stretch, but that mecanism wasn't supported in jessie. I did a "fast" backport

Re: automating process for publishing DLAs on the website

2018-12-19 Thread Antoine Beaupré
On 2018-12-19 14:58:29, Holger Levsen wrote: > On Wed, Dec 19, 2018 at 09:52:19AM -0500, Antoine Beaupré wrote: >> > I also note #859122 is not marked 'patch'. >> fixed. > > :) > >> >> I've requested access as an individual, for what that's worth. >> > you were given access a week ago, too. \o/

uw-imap: unclaimed package after 3 weeks of inactivity

2018-12-19 Thread Holger Levsen
Hi Roberto, I just ran the weekly "./bin/review-update-needed --lts --unclaim \ 1814400 --exclude linux linux-4.9" and uw-imap unclaimed after 3 weeks without work or documenting progress. As this is the 3rd or 4th week of my running this and since you can trivially reclaim that package (and