Re: Freeze exception quassel 0.7.1-1
On Thu, 2010-09-23 at 20:37 +0200, Thomas Mueller wrote:
> I'd like to ask you for a freeze exception of quassel 0.7.1.
> The current version of quassel in testing is 0.6.1-2.
> This version has a security hole as documented in [1] and in this bug report
> as well [2].
>
> To fix this issue I could upload 0.6.3,
Or 0.6.1-3 containing just the security fix. (Jumping to 0.6.3 assumes
that all of the changes in 0.6.2 are okay; I haven't checked each of
them, but there appear to be a couple of dozen of them).
> but this is already a some kind of
> outdated branch within quassel develoment as 0.7 has been released recently.
The diff between the 0.6.1 and 0.7.1 packages (ignoring .po changes) is
167 files changed, 5192 insertions(+), 888 deletions(-)
whereas the 0.6.2 to 0.6.3 diff (i.e. what's labelled as the security
fix) is nearer 60-70 lines.
0.7.0 appears to have been tagged upstream a little over a week ago;
that's a bit soon to be declaring 0.6 "outdated", isn't it?
> 0.7.1 fixes a security hole within 0.7.0
>
> Package for 0.7.1 has been uploaded unstable on September 21st.
It would have been appreciated if you'd sent this mail _before_ doing
that (or uploaded to experimental in the meantime).
Regards,
Adam
Reply to: