
Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version



On Mon, May 04, 2020 at 11:04:21PM +0200, Andrej Shadura wrote:
> On Mon, May 04, 2020 at 06:33:26PM +0200, Julien Cristau wrote:
> > > I think in this case it’s okay because of this NEWS entry:
> > > 
> > > https://sources.debian.org/src/matrix-synapse/0.99.2-6/debian/NEWS/
> 
> > I'm not sure how that makes it any better?  NEWS is shown on upgrade at
> > best, so anyone installing this on buster won't see it.
> 
> True; I haven’t thought about people who never had synapse installed
> before. In any case, I think anyone installing this on buster does
> follow the news about Matrix and probably tried to figure out how to
> upgrade.

Notifying users about an EOL package is handled by debian-security-support;
simply file a bug against it and the next time it lands in stable, people
will be notified who have it installed.

I'm all in favour of removing it by 10.4 or 10.5, depending on whether
the timing still allows for 10.4.

Cheers,
        Moritz

