Re: Fwd: jessie backport for Wordpress

[Rodrigo Campos <rodrigo@sdfg.com.ar>]

On Fri, Jun 12, 2015 at 09:22:10PM +1000, Craig Small wrote:
> On Wed, Jun 03, 2015 at 08:16:28AM +0200, Rhonda D'Vine wrote:
> >  Please let me know how you want to address the security issues for
> > stable before I consider having wordpress for backports approved.  This
> > is crucial to me for understanding on how you plan to maintain and take
> > care of the package in the long run.
> The security issues for wordpress are solved, the stable version of
> wordpress is maintained. There is often a delay of a few days between
> sid being updated and stable, but thats because its harder to pick
> patches than just import an upstream file.

As I said https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784603, using the
4.1 branch on the git tree might be the easiest way while it's maintained
upstream (either to add patches or to use new upstream releases, both should be
quite simple). And, IMHO, way simpler than backporting changes from 4.2 branch
that touch the DB and have already been backported to 4.1 by the WP team.

> 
> Now, I'm not sure what happens if there is a new security bug and
> backports has a different version to the standard stable.

Not sure I follow, but it is expected (or not uncommon) to backports and stable
have a different versions... backports will have 4.2.2 and stable 4.1+patches
now, for example (or if 4.2.2 enters testing finally :))

IIUC, backports can be updated with the package on sid (no need to wait till it
goes to testing when there are security fixes). From
http://backports.debian.org/Contribute/#index6h3:

	"If your package had a security update you can upload a new backport
	even if its not yet in testing"



But not sure I understand your question. So maybe all I'm saying here is just
pointless :-)





Thanks a lot, really!
Rodrigo