However, the security-sponsors process is intended to get security fixes into the stable releases; upgrading vlc in its entirety from 2.0.3 or 2.0.4 to 2.0.5, with all the other unrelated changes that are included, would be better handled through the SRU process: https://wiki.ubuntu.com/StableReleaseUpdates
If you do not wish to do the SRU, you could prepare a smaller patch that addresses only specific security issues. This could result in a debdiff of reasonable size, one that facilities review of the changes.
I have unsubscribed ubuntu-security-sponsors; please re-subscribe ubuntu-security-sponsors once a debdiff is available for review.
Benjamin, thanks for working on this issue.
However, the security-sponsors process is intended to get security fixes into the stable releases; upgrading vlc in its entirety from 2.0.3 or 2.0.4 to 2.0.5, with all the other unrelated changes that are included, would be better handled through the SRU process: https:/ /wiki.ubuntu. com/StableRelea seUpdates
If you do not wish to do the SRU, you could prepare a smaller patch that addresses only specific security issues. This could result in a debdiff of reasonable size, one that facilities review of the changes.
I have unsubscribed ubuntu- security- sponsors; please re-subscribe ubuntu- security- sponsors once a debdiff is available for review.
Thank you