This is the mail archive of the
mailing list for the Cygwin project.
Re: Do we need a new maintainer for fetchmail?
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin-apps at cygwin dot com
- Cc: Jason Tishler <jason at tishler dot net>
- Date: Tue, 30 Nov 2010 13:42:12 +0100
- Subject: Re: Do we need a new maintainer for fetchmail?
- References: <4CF445B3.firstname.lastname@example.org>
- Reply-to: cygwin-apps at cygwin dot com
On Nov 30 01:30, Matthias Andree wrote:
> the fetchmail package for Cygwin is at version 6.3.9, released two years ago,
> and with known security vulnerabilities and errata:
> CVE-2009-2666 - improper TLS cert validation allows MITM attacks to go unnoticed
> CVE-2010-1167 - heap overflow in verbose mode
> EN-2010-03 - improper SASL/AUTH implementation causes bogus auth failures
> And a gazillion of bugfixes since 6.3.9 provided in , including critical
> fixes for long-standing bugs.
> Fetchmail does not currently require Cygwin-specific patches.
> I have provided Jason Tishler with up to date packages for the current fetchmail
> 6.3.18 package (with selected upstream fixes from post-6.3.18 Git) a fortnight
> ago, built on Cygwin 1.7.7 32-bit (Win 7), without any response.
Well, that could mean he just has very limited time right now or he's
> I don't mean to take over maintainership, but -- can we do non-maintainer
> updates in such situations?
Thanks for the offer, but we don't do that, usually. I understand that,
as an upstream maintainer, you're keen to see a more up-to-date and more
bug-free version of fetchmail in the distro. However, unless the
maintainer steps down officially, and unless another person volunteers
to take over maintainership of a package, we don't take new versions
of a package. While we have a couple of currently unmaintained/orphaned
packages, in general we only really like packages which have a distro
So, first I'd really like to get a word from you, Jason.
If Jason is AWOL for a longer period of time (which I doubt, since he
was still active on the cygwin list early November), then we can talk
about taking over maintainership, if that's an option for you.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com