This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Do we need a new maintainer for fetchmail?

On Nov 30 01:30, Matthias Andree wrote:
> Greetings,
> the fetchmail package for Cygwin is at version 6.3.9, released two years ago,
> and with known security vulnerabilities and errata:
> CVE-2009-2666 - improper TLS cert validation allows MITM attacks to go unnoticed
> CVE-2010-1167 - heap overflow in verbose mode
> EN-2010-03    - improper SASL/AUTH implementation causes bogus auth failures
> And a gazillion of bugfixes since 6.3.9 provided in [1], including critical
> fixes for long-standing bugs.
> Fetchmail does not currently require Cygwin-specific patches.


> I have provided Jason Tishler with up to date packages for the current fetchmail
> 6.3.18 package (with selected upstream fixes from post-6.3.18 Git) a fortnight
> ago, built on Cygwin 1.7.7 32-bit (Win 7), without any response.

Well, that could mean he just has very limited time right now or he's
on vacation.

> I don't mean to take over maintainership, but -- can we do non-maintainer
> updates in such situations?

Thanks for the offer, but we don't do that, usually.  I understand that,
as an upstream maintainer, you're keen to see a more up-to-date and more
bug-free version of fetchmail in the distro.  However, unless the
maintainer steps down officially, and unless another person volunteers
to take over maintainership of a package, we don't take new versions
of a package.  While we have a couple of currently unmaintained/orphaned
packages, in general we only really like packages which have a distro

So, first I'd really like to get a word from you, Jason.

If Jason is AWOL for a longer period of time (which I doubt, since he
was still active on the cygwin list early November), then we can talk
about taking over maintainership, if that's an option for you.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]