Comment 13 for bug 1970228

Thanks for the updated patches - they look a lot better. Note, one thing we try and do is to add references to the patch files to indicate where they came from as per https://dep-team.pages.debian.net/deps/dep3/ - as an example see the update in http://launchpadlibrarian.net/596090586/subversion_1.14.1-3_1.14.1-3ubuntu0.1.diff.gz which shows these headers included in the new debian/patches/CVE-XXX.patch files which got added as part of that update.

Including these also makes it a lot easier for reviewers to ensure that the changes are 'official' and match what the upstream.

Also the debian/changelog entry is a bit terse compared to what we normally would do - as an example please see step 3 at https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging

However, in this case as you have already put a lot of work into these, I am happy to go with them as they are (although I am replacing the patches with the ones with dep-3 headers from the impish update linked above so we can keep as much attribution etc as possible). I will sponsor these later today/tomorrow.

Thanks again.