On Wednesday 31 December 2008 09:36, Mark Purcell wrote:
While I can understand your position. This still leaves an RC bug open
against lenny.
What do you propose we do for lenny?
1. Leave bug open for lenny. Tag lenny-ignore?
2. Request freeze exception for the new upstream release?
3.
Hi,
RC bug #508701 has been filed against phpbb2 for it being unsupportable in the
stable lifetime. After some thought I have decided that this is indeed
correct and asked the FTP-masters to remove it in #509620. While that request
is pending processing, phpbb2 can already be removed from
Hi,
please unblock mailman/1:2.1.11-7 . We believe it's a very useful
documentation update, correcting outdated (=wrong) advice. There is one
trivial code change which brings our patch in line with the upstream way of
doing this; I hope that is not a problem.
thanks,
Thijs
Hi,
Please unblock the following for fixing security issues:
awstats/6.7.dfsg-5.1
phpmyadmin/4:2.11.8.1-5
thanks,
Thijs
pgp9Nrm3Etzwt.pgp
Description: PGP signature
Hi,
Please unblock:
squirrelmail/2:1.4.15-4
Please consider to unblock:
pdns/2.9.21.2-1
The new upstream release is only the relevant patch and updating the version
number. There are some other changes, but these are small so perhaps you can
consider migrating this.
Please accept from
Hi,
Please unblock (perhaps also bump urgency a bit):
dia/0.96.1-7.1
* Non-maintainer upload.
* Applying patch by James Vega to solve module import problem
(Closes: #504251)
Please accept from testing-security:
liquidsoap/0.3.6-4lenny1
* Added patch to fix liguidsoap's
Hi Adeodato,
On Tuesday 11 November 2008 18:42, Adeodato Simó wrote:
* Thijs Kinkhorst [Tue, 11 Nov 2008 16:53:14 +0100]:
Hi,
Hello,
Please allow mailman/1:2.1.11-5 to fix a release critical bug. Adeodato
already unblocked -4 for this bug, but another upload was necessary to
handle
Hi,
Please allow phpldapadmin/1.1.0.5-6 into lenny. The changes with current
lenny are two new translations, and a trivial fix for an important
usability problem: #489887. The bug fix has been in unstable since 3
months without new problems. The changelog is pasted below.
thanks,
Thijs
Hi,
I uploaded a version of r-base to testing-proposed-updates yesterday
specifically to address RC bug #496418: 2.7.1-1+lenny1. Can you please accept
it?
thanks,
Thijs
pgpatxVvhnkbt.pgp
Description: PGP signature
On Tue, October 21, 2008 14:48, Patrick Schoenfeld wrote:
Y Giridhar Appaji Nag wrote:
On 08/10/20 22:04 +1100, Ben Finney said ...
Package: aptitude
Version: 0.4.11.9-1lenny1
Severity: serious
Justification: violates Policy §4.4
This part of the policy is a should and not a must. I'll
Hi,
Please unblock phpbb2/2.0.23+repack-4. The installation would hang during a
non-interactive installation. I'm not sure about the release criticality of
that in the context of this package, but the fix is very simple and the
package has already aged 10 days.
phpbb2 (2.0.23+repack-4)
On Mon, October 6, 2008 11:12, Gerfried Fuchs wrote:
Hi!
Copy to debian-release because this question is rather a question to
the release team, even though it's extremely late and hope is pretty low
...
* Thijs Kinkhorst [EMAIL PROTECTED] [2008-03-19 20:15:43 CET]:
On Wednesday 19 March
Hi,
Please unblock squirrelmail/2:1.4.15-3 which fixes a security issue:
squirrelmail (2:1.4.15-3) unstable; urgency=high
* Cookies sent over HTTPS will now be confined to HTTPS only
(cookie secure flag) and more support for the HTTPOnly cookie
attribute. Patch taken from
Hi,
Here's a request to remove two security-bugged packages from testing:
convirt:
* Has security issue spread around the code. There's a patch but
it's necessarily invasive and untested.
* No maintainer response to the security bug or any other open bug.
* Package not in stable, doesn't
Hi,
Please unblock phpbb2/2.0.23+repack-3, which addresses a security issue.
Changelog:
phpbb2 (2.0.23+repack-3) unstable; urgency=high
* Prevent leaking of the PRNG state in search_id. This is more of a
bug in PHP itself but we'll fix it here anyway to be sure.
[CVE-2008-4125,
On Monday 22 September 2008 09:11, Thijs Kinkhorst wrote:
Please unblock phpmyadmin/4:2.11.8.1-2, it includes a security fix.
Please make that phpmyadmin/4:2.11.8.1-3 which contains an additional securiy
fix.
thanks,
Thijs
pgpEF2AbGppyx.pgp
Description: PGP signature
Hi,
Please unblock phpmyadmin/4:2.11.8.1-2, it includes a security fix.
thanks,
Thijs
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Hi!
Here's a list of packages which I think can be unblocked.
RC bug fix:
apticron/1.1.23
Debconf translation updates, sometimes combined with minor tweaks.
console-cyrillic/0.9-15.2
iirish/2.0-17.1
lprng/3.8.A-1.1
mediamate/0.9.3.6-4.5
nap/1.5.4-2.1 (not built on hppa)
ocfs2-tools/1.2.4-1.2
On Wed, Aug 27, 2008 at 10:05 PM, Thijs Kinkhorst [EMAIL PROTECTED]
wrote:
1311 files changed, 172664 insertions(+), 35937 deletions(-)
There is even more change uploaded on:
http://jspoker.pokersource.info/packaging-farm/jpoker/gnulinux/debian/unstable/src/
Let me know what I can do
Hi Luk,
Thanks for the unblocks.
On Tuesday 2 September 2008 20:27, Luk Claes wrote:
fwbuilder/2.1.19-5 *
debian/control.mine| 102
debian/control.r3093 | 86
debian/control.r3115
Hi,
Please unblock the following packages fixing security issues, those with *
please also consider to bump the urgency.
aview/1.3.0rc1-8.1 *
dist/1:3.5-17-2
fwbuilder/2.1.19-5 *
gpsdrive/2.10~pre4-6.dfsg-1
plait/1.5.2-2
seahorse/2.22.3-2*
tiger/1:3.2.2-5 *
wordnet/1:3.0-12
Hi!
I have a question about the following. The secure testing team regularly makes
uploads to the testing-security to fix security bugs. As such I think that
lenny shouldn't be considered as affected by those bugs anymore. Still, the
RC bug list at bts.turmzimmer.net shows those bugs with a
Hi,
Please unblock apt-file/2.1.5. It contains a fix for an upgrading problem
between etch and lenny, and fixes a regression introduced in 2.1.3.
Changelog:
* Fix wrong permissions for cache directory created by old versions
(closes: #495519).
* Fix leading slashes being ignored
Hi,
Here's a round of packages that could use an unblock to resolve recently
discovered tempfile race attacks:
feta/1.4.16+nmu1
qemu/0.9.1-6
rancid/2.3.2~a8-2
realtimebattle/1.0.8-8
vdr/1.6.0-6
Same for these two, but they could need an urgency bump aswell:
crossfire-maps/1.11.0-2
xcal/4.1-19
Hi,
lmbench uses a number of insecure temp files (#496427). Five months ago a bug
about writing under /usr was filed (#470279), just upgraded to serious.
Because the maintainer to date never responded to that issue and the package
now has two RC bugs, I think it's appropriate to remove the
Hi,
Please unblock ltp/20060918-3, fixing an imporant issue: the suite is very
insecure on multiuser systems, this must be documented. This README.Debian
explains the debtag that indicates limited security support.
* QA upload
* Set maintainer to Debian QA. There's work on adopting the
Hi,
Please unblock xmcd/2.6-21. It removes two security buggy scripts that are
probably not used by anyone anyway, but removing to be sure. The previous
upload by Frank Lichtenheld also did not migrate yet but seems acceptable
too:
xmcd (2.6-21) unstable; urgency=high
* QA upload.
*
On Monday 25 August 2008 05:56, Charles Plessy wrote:
I have not followed the discussions on -devel closely. What is the
relevance of this bug for the releasability of the package? Upstream is
already at a much higher version number and I am not able to solve the
prolem by myself.
Since the
On Sunday 24 August 2008 17:52, Luk Claes wrote:
It would be a pity if jifty will not be in lenny while near 20 new
needed dependencies were added for jifty and they will be almost useless
without it.
No, sorry, in general we don't include new packages into lenny at this
stage.
Would it
Hi,
Please unblock openocd/0.0+r655-1.1
openocd/0.0+r655-1 was already approved, but couldn't migrate
to testing due to not building on arm/armel ( #489048 ).
The only change done is the following:
diff -u openocd-0.0+r655/debian/rules openocd-0.0+r655/debian/rules
---
Planella Molas
(Closes: #494110).
* Added patch 68_update_catalan to update Catalan program translation,
thanks Jordi Mallach (Closes: #492297).
* Add a README.source file referring to quilt.
-- Thijs Kinkhorst [EMAIL PROTECTED] Mon, 11 Aug 2008 16:06:19 +0200
thanks,
Thijs
). The package has already aged nearly 10 days in unstable.
Changelog follows:
phpmyadmin (4:2.11.8.1-1) unstable; urgency=low
* New upstream release, only changes:
+ Updates Norwegian translation.
+ Fixes PHP notice on every page load.
-- Thijs Kinkhorst [EMAIL PROTECTED] Mon, 11 Aug
for policy 3.8.0, added README.source.
* Add self to uploaders.
-- Thijs Kinkhorst [EMAIL PROTECTED] Thu, 24 Jul 2008 22:25:09 +0200
pgpuDkDyZW5BQ.pgp
Description: PGP signature
On Saturday 2 August 2008 09:24, Luk Claes wrote:
Could you please unblock this package, it fixes a security issue[0].
The unstable version is a new upstream version, but the changes are
trivial. It includes the security patch and some changes to .desktop file
and so on. I think it should
Hi,
Please unblock httrack/3.42.3-1, ready to migrate, which fixes a security
issue.
thanks,
Thijs
pgp1qW9pLY2Uq.pgp
Description: PGP signature
Hi.
Can you please remove tirc from testing?
It has an RC bug (#487867), and I already filed a general removal bug from
unstable (#492850) but I'd rather see it removed from testing as soon as
possible because it has security issues.
thanks,
Thijs
pgpNQ3O8H7ArB.pgp
Description: PGP
On Wed, July 30, 2008 09:51, Pierre Habouzit wrote:
On Wed, Jul 30, 2008 at 07:03:33AM +, Thijs Kinkhorst wrote:
Can you please remove tirc from testing?
hint added.
thanks!
Thijs
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
On Tuesday 29 July 2008 04:47, Roberto C. Sánchez wrote:
This is just obscene.
How so?
I'm not sure why you think that adding a new binary package is something you
should do a few days before the freeze instead of more near the beginning of
a release cycle. Of course you can try to add that
Hi Joey,
On Sat, June 28, 2008 22:40, Joey Hess wrote:
I've been working on a fix for bug #479431, and before I apply it to
d-i, I want to make you aware of it, since it can have repercussions to
DSAs and release management.
Thank you for your work on this. I think this adds a significant
On Tuesday 20 May 2008 11:28, Jan Wagner wrote:
While reading about the issues of renumbering L.ROOT-SERVERS.NET on
http://blog.icann.org/?p=309, we should provide asap an up to date db.root
file.
Reading that blog post, it becomes clear to me that there's no immediate
problem with this
On Tuesday 20 May 2008 13:36, Jan Wagner wrote:
On Tuesday 20 May 2008 11:58, Thijs Kinkhorst wrote:
Reading that blog post, it becomes clear to me that there's no immediate
problem with this address, only that it ideally shouldn't have been done
this way. I don't see a ground for doing
On Tuesday 20 May 2008 14:11, Jan Wagner wrote:
malice or not, if the old L would have answered with false (in which way
ever) answers, there would be a significant part of users affected. Users
(of users) of a stock bind9 right out of stable are also affected.
True, but it doesn't, so there's
Hi SRMs,
The openssl issue has been fixed on the mirrors, but people installing Debian
from CD still generate weak key material until they run their first apt
upgrade, which is problematic because that upgrade doesn't automatically
resolve problems with things generated in the past. To
On Wednesday 14 May 2008 17:05, Neil McGovern wrote:
Could somebody please bump the urgency of openssh-blacklist to critical?
It's very important that a version of openssh with the openssl
mitigation work gets into testing as soon as possible, and it depends on
openssh-blacklist.
Urgent
On Thursday 15 May 2008 12:12, Neil McGovern wrote:
It seems to be mistyped as openss*l*-blacklist, intended is
openss*h*-blacklist.
Updated
Thanks!
Thijs
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Hi all,
I request that gnupg/1.4.6-2.2 is unblocked. This version removes a spurious
setuid bit on gnupg, which was a change approved earlier on this list.
thanks,
Thijs
pgpmwHVOgAkgV.pgp
Description: PGP signature
Hello Laszlo, release team,
On Sat, April 19, 2008 09:57, Andreas Barth wrote:
* Laszlo Boszormenyi ([EMAIL PROTECTED]) [080419 07:42]:
I intend to hijack GnuPG[1], but as it builds an udeb and has priority
important, I ask if the Release Team allow it.
So, the only on-topic question is: Do
On Tue, April 8, 2008 13:01, Gerfried Fuchs wrote:
Release Wizard --
current Steve Langasek
Just a small note: current looks out of place and doesn't add much
value. I suggest to replace it with the empty string.
Thijs
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
On Wednesday 2 April 2008 11:09, Philipp Kern wrote:
- exiftags, released this morning
Missing the sparc build from the announcement and o-p-u-NEW. Could you
please take care of it?
Built it by hand and installed it now.
Thijs
pgpdrgZBoBeM9.pgp
Description: PGP signature
Hi Philipp,
On Tue, April 1, 2008 11:27, Philipp Kern - automated mail wrote:
Accepted Packages
-
Just to get the complete picture the following.
I am still missing from the list:
- xine-lib, released yesterday
- exiftags, released this morning
- squid; to be published anytime
On Wednesday 19 March 2008 15:33, Enrico Tassi wrote:
http://buildd.debian.org/fetch.cgi?pkg=lua-svnver=0.2.5-1arch=mipselsta
mp=1192380641file=log
But a later attemps was successful... Is there a way to know on which
buildd it is built?
The first line of the log tells you it was built on
On Saturday 19 January 2008 04:53, Alexander Zangerl wrote:
the version in etch is 0.4.2-10.1 and hence doesn't contain the
problematic code.
You can see the status of this vulnerability on:
http://security-tracker.debian.net/tracker/CVE-2007-5201
can you update that info to show that we're
On Saturday 22 December 2007 18:07, Stephen R Marenka wrote:
On Sat, Dec 22, 2007 at 04:38:42PM +0100, Luk Claes wrote:
Please make sure oldstable and oldstable-security builds are taken care
of. Currently at least the following builds are missing:
zeus
perl_5.8.4-8sarge6
Hi,
On Tue, October 23, 2007 10:04, Martin Zobel-Helas wrote:
As I still haven't received a reply from the security team, I think we
can assume the answer is no.
Security team, please comment on that.
I see that the outcome of discussion inside the team hasn't been relayed
to -release. The
On Tue, September 11, 2007 10:29, Robert Millan wrote:
I suppose this will have to be uploaded to stable-proposed-uploads as
well, but what version number? etch and sid have the same upstream
version, so how do we avoid collisions?
Maybe I'm missing something here, but what's wrong with the
On Friday 11 May 2007 07:20, Alexander Wirt wrote:
Vincent McIntyre schrieb am Freitag, den 11. Mai 2007:
is it possible to have xlockmore included in the point release?
It had an RC bug that kept it out of etch but that seems to have
been resolved some months ago.
#318123 isn't resolved.
Hi,
A few packages have been missed from the list of packages needed to be
rebuilt for the /usr/doc transations. This should be the last ones, at
least that I know of, that needed to be fixed.
All these packages required just a simple rebuild. In one case I also
fixed a debconf dependency.
Hi,
Please unblock phpmyadmin/4:2.9.1.1-3, which only contains translation
and documentation changes:
* Added Galician debconf translation by Jacobo Tarrio (Closes: #412195).
* Actually install config.default.php example file (Closes: #412655).
* Add XS-Vcs-* fields to debian/control.
Hi,
A few packages have been missed from the list of packages needed to be
rebuilt for the /usr/doc transations. I've now reuploaded a number of
these so they would get rebuilt, and fixed other etch-appropriate things
where applicable. Please unblock them to further complete the /usr/doc
Hi,
Please unblock jta/2.5-3. It fixes an important bug (and Java policy
violation) with a very trivial fix: the installed program name was only
jta-2.5, making it impossible to invoke it in an version-agnostic way
('jta'). Compare it to installing Iceweasel only as iceweasel-2.0.0.1
making it
On Tue, 2007-02-20 at 12:14 +0100, Marc 'HE' Brockschmidt wrote:
Thijs Kinkhorst [EMAIL PROTECTED] writes:
Please unblock jta/2.5-3. It fixes an important bug (and Java policy
violation) with a very trivial fix: the installed program name was only
jta-2.5, making it impossible to invoke
Hi,
I've uploaded a new version msttcorefonts/1.8 that includes four debconf
po updates, thanks to the Spanish, Galician, Vietnamese and Romanian
teams! Please unblock it.
thanks,
Thijs
signature.asc
Description: This is a digitally signed message part
On Tue, 2007-01-23 at 11:50 +0100, Martin Schulze wrote:
Please keep in mind that the upgrade path from etch to lenny needs
to work for etch r0 to lenny r0 as well.
So I've understood, but cannot back this up with any documentation.
Where is this documented? I'm curious as to the background of
Hi,
Please unblock phpbb2/2.0.21-6. It fixes four security issues backported
from the latest upstream stable release. The severity of these issues is
sometimes unknown, but the fixes are non-invasive so we backported
everything that has a CVE ID. It also includes a new debconf
translation.
Also
On Sat, January 13, 2007 12:44, Neil McGovern wrote:
Can I have a unblock for:
phpmyadmin from 4:2.9.1.1-1 to 4:2.9.1.1-2 CVE-2007-0203 / CVE-2007-0204 -
XSS
JFTR, as the maintainer I support this (was going to ask for unblock after
it was getting ready to migrate).
Thijs
--
To
) unstable; urgency=medium
+
+ * Non-maintainer upload with maintainer approval.
+ * Remove obsolete /usr/doc/libcorelinux symlink on
+package upgrade (Closes: #351740).
+
+ -- Thijs Kinkhorst [EMAIL PROTECTED] Fri, 5 Jan 2007 15:32:22 +0100
+
libcorelinux (0.4.32-7.1) unstable; urgency
Hi,
Please unblock squirrelmail-locales/1.4.9-20070106-1
This is a new upstream release of a package containing only
translations, hence I think it qualifies for unblocking. It has aged in
unstable without problems.
thanks
Thijs
signature.asc
Description: This is a digitally signed message
Hi,
Please unblock camediaplay/20010211-4.1. It was uploaded (by Amaya) in
July but did not make it into Etch because of a stale entry in
Packages-arch-specifc. That entry has now been removed and the package
built on all archs.
It would complete the /usr/doc transition for yet another package
Hi,
Please unblock phpgedview/4.0.2.dfsg-2. It adds a missing dependency
which I think it serious enough to unblock, and a small documentation
improvement.
thanks!
Thijs
signature.asc
Description: This is a digitally signed message part
On Fri, 2007-01-05 at 11:55 +0100, Marc 'HE' Brockschmidt wrote:
Thijs Kinkhorst [EMAIL PROTECTED] writes:
Please unblock phpgedview/4.0.2.dfsg-2. It adds a missing dependency
which I think it serious enough to unblock, and a small documentation
improvement.
Unblocked.
Thanks for your
-1.5/debian/changelog 2006-11-11 16:11:04.0 +0100
+++ /tmp/oH8ygs2GW0/msttcorefonts-1.6/debian/changelog 2006-12-29 12:26:32.0 +0100
@@ -1,3 +1,9 @@
+msttcorefonts (1.6) unstable; urgency=medium
+
+ * Updated translation: German by Mario Scheel (Closes: #400123).
+
+ -- Thijs
Hi,
mtop 0.6.6-1.1 was uploaded as part of the l10n NMU campaign (with
maintainer approval) but was just a day short of reaching testing before
the freeze.
The changes can be categorised as:
* Translation fixes and updates;
* Fixes for policy compliancy:
- add missing depends
- purge
On Wed, 2006-12-13 at 09:49 +0100, schönfeld / in-medias-res.com
wrote:
I quiet understand the etch release policy and I am sure that there are
cases where 5a matches the case. But in the case of mantis it does *not*
match. Because there is currently *one* open security issue which where
just
Thijs Kinkhorst wrote:
I'd like to request the approval of uploading a new upstream version of
phpMyAdmin, 2.9.1.1. I'm skipping one upstream version here (Debian
currently has 2.8.0.3)
That should be 2.9.0.3.
Thijs
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
On Wed, 2006-10-18 at 11:16 +0200, Lucas Nussbaum wrote:
Internet access was not available from the nodes. Are build scripts
allowed to download files from the Internet during build ? Some perl
modules do this in their tests.
No, this is definately a bug. I've indeed encountered it a couple of
On Wed, 2006-10-18 at 11:41 +0200, Andreas Barth wrote:
Actually, in a test it *might* be ok. Usually, even if they're bugs,
they're not RC.
Access to a debian-mirror is necessary for some packages, but rather
on a exception-basis - almost all packages need to build with the
packages they
On Mon, October 2, 2006 19:15, Martijn van Oosterhout wrote:
Best translated are required/important/standard, but those descriptions
will be the least relevant to Joe Average, since these packages are
already installed for him.
The goal should be making sure that most of the packages people
On Mon, 2006-10-02 at 11:54 +0200, Jens Seidel wrote:
Consider how many people whould profit from it!
I'm missing the following practical note a bit in this discussion: are
there actually a significant number of translations to take the
non-trivial venture of a very late apt update?
I value the
Hi,
I'd like to request removal of knowledgetree for testing for these
reasons:
* Has two security issues;
* Has an open request for adoption since a couple of months but no takers;
* Has low popcon numbers;
* Is a couple of versions behind upstream.
(See bug #373137)
Same goes for slash:
* Has
On Wed, 2006-07-26 at 23:18 +0200, Martin Zobel-Helas wrote:
mantis/0.19.2-5sarge4
please remove the older package mantis/0.19.2-5sarge2.1 from p-u-new
That sarge2.1 package is actually newer but when preparing it I failed
to see that there was the sarge4 package with a security fix which had
On Wed, 2006-07-26 at 17:32 +0200, Marc Haber wrote:
While we're at it,
Please don't - this issue is clearly a separate one from the APT Key
Management problem, and is not and has never been a release goal. I've
got no opinion on binary package signatures, but I do know that there's
no
Hello Andi,
there has been a change that affects the number of visible bugs:
We treat version tracking correctly now, and ignore the done-status on
bugs that have version tracking used in a close message.
Good, thanks for the effort. I have just two queries here: first, since
Debian seems to
On Wed, April 19, 2006 18:09, Julien Danjou wrote:
It is unreasonable, I think, for bugs reported only against the
experimental version to keep packages out of testing.
This bug should have been tagged 'experimental', I guess, and so will
would have been ignored. I tagged it.
You should use
On Wed, 2006-04-12 at 11:06 +0200, Andreas Barth wrote:
Hi,
as we're now directly moving towards sarge r2, we drafted an
announcement. Please see the attachement for more details. We will
notify you as soon as the mail can be sent out.
Hey Andy,
I'm missing DSA 1007 for drupal, it is
Hello Loïc,
The change in itself is a one-liner, the inclusion of the forgotten
patch system include, but results in two patches being applied (in the
current source package, these simply sit in debian/patches but are
useless).
These patches fix important issues, check #313457 for the
these
to unstable instead. This upload will be rejected.
Thanks,
Thijs Kinkhorst
signature.asc
Description: This is a digitally signed message part
of the current maintainer who
indicated she was too busy at the moment)
Thanks,
Thijs Kinkhorst
signature.asc
Description: This is a digitally signed message part
201 - 287 of 287 matches
Mail list logo