[Secure-testing-team] Bug#689147: unblock: gajim/0.15.1-1
Yann Leboulanger
asterix at lagaule.org
Wed Dec 12 11:50:25 UTC 2012
On 12/12/2012 11:40, intrigeri wrote:
> Hi,
>
> Yann Leboulanger wrote (12 Dec 2012 07:57:30 GMT) :
>> On 12/12/2012 01:37 AM, intrigeri wrote:
>>> Looks like this should be added to the embedded code copies list,
>>> regardless of the minor diff:
>>> https://wiki.debian.org/EmbeddedCodeCopies
>
>> This can also be in Gajim itself, and I'll do that for next release.
>
> Great!
>
> However, given this next release is highly unlikely to be in Wheezy,
> it looks like Wheezy will ship with a Gajim that *has* a python-gnupg
> embedded code copy -- and perhaps Squeeze has too?
>
> Regardless of the future (much welcome!) upstream fixes, information
> about the existing code duplication needs to be put on the dedicated
> list, so that the security team can react appropriately in case
> a security issue is discovered in the duplicated library.
>
> (Adding secure-testing-team into the loop, keeping the unblock bug in
> the Cc list too, as I doubt the package should be unblocked without
> having a clear view of what's happening with the embedded
> python-gnupg.)
Ok then we wait for an answer from secure-testing-team? I don't think I
need to do somthing, do I?
note that the version of GnuPG in Gajim also handles some more errors
like KEYEXPIRED and SIGEXPIRED.
--
Yann
More information about the Secure-testing-team
mailing list