=== FJKong_afk is now known as FJKong
dholbachgood morning07:04
=== ara is now known as Guest14068
=== utlemming is now known as utlemming_away
=== utlemming_away is now known as utlemming
=== utlemming is now known as utlemming_away
=== utlemming_away is now known as utlemming
highvoltagewom 1313:41
tewardMOTUs:  Good morning/day/evening/night/<insert time reference word here>.  I think a package has stopped being maintained in Debian, and as a result we have 'old' and 'broken' software (electrum bitcoin wallet) in the repositories.  Is it possible to request a blacklist until Debian updates it for that package to be included?13:42
Laneyyou almost got away, highvoltage13:42
tewardand if so what's needed for all that13:42
highvoltageLaney: lol13:42
Laneyteward: broken how?13:43
Laneyshould it be removed from Debian testing too?13:43
tewardLaney: i think https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792231 is a good start point13:43
ubottuDebian bug 792231 in electrum "Electrum version 1.9.8 vulnerable, needs update" [Normal,Open]13:43
tewardLaney: it should be UPDATED by the Debian Bitcoin Team13:43
tewardor torpedoed from their repositories entirely13:43
tewardthe version there, 1.9.8, is a year old13:43
tewardand current is 2.4.x13:43
Laneyteward: probably start by making that 'serious', I guess13:44
Laneyamd we could update it in Ubuntu without waiting for Debian13:44
LaneyI guess the stable releases want to be updated too13:44
Laneywhich will be fun but maybe the SRU team will let it be updated to the new version assuming that it is compatible13:45
tewardLaney: i'm not a packaging expert for it, though.  I'd be happy to *try*, but there may be a PPA we could 'borrow' and have the sec team look at13:46
tewardi'll reach out to electrum upstream to see if they know of prebuild packages for it, i think they have some...13:46
LaneyAssuming they based it off the same packaging13:49
tewardgood point13:49
Laneyotherwise... might be a good opportunity to learn13:49
* teward shrugs13:49
tewardI am hesitant with anything Bitcoin to use any packaging, and to build from source to make *sure* that the packaging doesn't have hidden surprises13:50
tewardLaney: well, I got a response back.  http://paste.ubuntu.com/11993520/plain/14:44
tewardsounds like missing deps are being a big issue14:44
tewardif anything, I think I'd like the sec team to review and determine if it should be yanked14:45
Laneyteward: doh14:58
tewardLaney: i just responded asking "GIven that this is already vulnerable and it has OTHER vulnerabilities, does it even make sense to keep it in the repos"14:59
tewardfrom my perspective, on security considerations alone, the answer is "No, this is not worth keeping"15:00
tewardbut I have no say15:00
tewardnot really15:00
Laneybest to go raise it with security guys15:00
Laneysure you do15:00
tewardso, hop into -hardened and ask for their opinions, link the Debian bug>?15:00
tewardand let them say "Burn it" :P15:00

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!