In ‘Bits from the Security Team‘ a few weeks ago, Thijs Kinkhorst wrote: Since a couple of years we’ve been handing off security issues of minor or theoretical impact but for which a fix would be desirable at some point, like certain classes of denial-of-service attacks, off to stable point updates. We’re looking for a…

Just one this week: #609304 (pimd): backport the unstable fix for testing-proposed-updates (which nearly gave me heart failure when it FTBFS on mipsel, but it was an unrelated problem).

This week: #607958 (apt): replied and tagged ‘moreinfo’; jmm later downgraded it to normal #606951 (nsca): agreed with the submitter and reverted the change, uploaded straight to unstable #605784 (nagios-statd): thanks to the great debugging work of the submitter, uploaded a fix to DELAYED/2 (giving the maintainer time to make his own planned upload) #598588…

This week: #606151 (nordugrid-arc-nox): cherry-picked a patch from upstream and uploaded to DELAYED/1 #606670 (minitube): removal bug filed at request of maintainer #607762 (dbus-glib): bumped the build-dependency and uploaded to DELAYED/7 (later pushed into DELAYED/0 at maintainer’s request) #607427 (opensc): applied security fixes from upstream and uploaded immediately Not quite one fix per day, as…

When I first started using Debian properly, I played with gpg-agent and pinentry but I didn’t really understand the various bash initialisation scripts, and my botched setup annoyed me so much I disabled it again quite quickly (for example, if I left the machine logged in to GDM at home then logged in through SSH,…

Now that it’s much more convenient for me to do NMUs, and simultaneously there a handful of bugs that I can actually deal with, I guess it’s about time I got stuck into some RC bugs. Here’s my (rather modest) list of fixes for Squeeze the past few days: #606298 (deal.ii): can’t be reproduced by…

I came across the mingetty changelog by chance while researching something totally unrelated. Paul Martin, you are a genius. mingetty (1.07-2) unstable; urgency=high * Critical security patch: Fix unsafe chroot call. (Closes: #597382) * Checked dependencies for locusts. (Closes: http://xkcd.com/797/) — Paul Martin <masked> Sat, 25 Sep 2010 01:51:12 +0100 Original cartoon: http://xkcd.com/797/

Since I didn’t actually come home from Debconf, but instead took a further week’s holiday and lazed around by the beach, I haven’t sat down to write anything about it yet. Most importantly, I should say thank you to Joey Hess, Steve McIntyre and Stefano Zacchiroli for arranging the Debconf Newbies programme, without which I…