However, in this case as you have already put a lot of work into these, I am happy to go with them as they are (although I am replacing the patches with the ones with dep-3 headers from the impish update linked above so we can keep as much attribution etc as possible). I will sponsor these later today/tomorrow.
Thanks for the updated patches - they look a lot better. Note, one thing we try and do is to add references to the patch files to indicate where they came from as per https:/ /dep-team. pages.debian. net/deps/ dep3/ - as an example see the update in http:// launchpadlibrar ian.net/ 596090586/ subversion_ 1.14.1- 3_1.14. 1-3ubuntu0. 1.diff. gz which shows these headers included in the new debian/ patches/ CVE-XXX. patch files which got added as part of that update.
Including these also makes it a lot easier for reviewers to ensure that the changes are 'official' and match what the upstream.
Also the debian/changelog entry is a bit terse compared to what we normally would do - as an example please see step 3 at https:/ /wiki.ubuntu. com/SecurityTea m/UpdatePrepara tion#Update_ the_packaging
However, in this case as you have already put a lot of work into these, I am happy to go with them as they are (although I am replacing the patches with the ones with dep-3 headers from the impish update linked above so we can keep as much attribution etc as possible). I will sponsor these later today/tomorrow.
Thanks again.