Ok, when I started writing this comment I actually changed my mind. So orignally I thought we should just cherry-pick the fix, but seeing that we now ACTUALLY have jcat in main (probably because of fwupd?), maybe we should just backport 0.1.3-2 and get it promoted.
That being said, I think the security team needs to chip in here. Since this is a security fix, I think they are the ones deciding in the end. Could we get someone from security for this one? That being said, how is actually libjcat used by fwupd? I tried running reverse depends on both impish and focal for jcat and saw no dependency. Will we need to have it in main? If yes, if we backport the 0.1.3 version, we could just promote it into main as-is probably (after a quick dependency check etc.). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1920724 Title: Upgrade focal/libjcat to version 0.1.3-2 and MIR it To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1920724/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
