
Re: Fwd: jessie backport for Wordpress



On Tuesday, 2 June 2015, 23:12:54, Rodrigo Campos wrote:
> On Tue, Jun 02, 2015 at 11:36:09PM +0200, Martin Steigerwald wrote:
[…]

Hi Rodrigo,

> > Hello Craig and Rodrigo,
> > 
> > Craig, Rodrigo made a jessie-backport of Wordpress 4.2.2.
> > 
> > And gave another good reason to have it available for Jessie users.
> > 
> > I would really like to see it in jessie-backports after wordpress 4.2.2
> > entered testing.
> 
> Cool, let's hope it gets merged :)

Thing is, for stable it would be a major version upgrade.

So according to this wordpress 4.2 would neither be something for backports 
nor for stable. And now what?

Handle it like virus killer signatures? I think there is some suite for 
often updated things like that. Or backport security fixes from 4.2 to 4.1? 
Handle it like iceweasel with updating to major versions due to upstream 
security fix support policy? Only provide limited security support?

Craig is wordpress package maintainer. Craig, what do you think?

Currently I still have 4.2.2 from unstable installed on a Jessie server VM,
which, due to a first other package already having been pulled into it as a
dependency, is not optimal I think (php-getid3, see Debian bug 786487).

> > I am willing to test it on my server where I now use the unstable
> > package.
> Great, I'm using the packages on my dev server, probably install it on
> production tomorrow. So far, so good :)
> 
> > Rodrigo, how did you solve the versioned dependency php-getid3 (>=
> > 1.9.9+dfsg)? According to Craig it's important to use the newer version
> > cause it has a security fix.
> 
> It seems the fix is backported to jessie, as security fixes usually are.
> Which fix do you refer to? The jessie version has a fix for
> CVE-2014-2053 and a memleak (see the changelog for the jessie version).
> Do you refer to any of those fixes?

I have no idea. Craig just mentioned it in the bug report I cc'd on the
initial mail:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786487#10

> If not, it's probably worth opening a bug to fix it in jessie :)

Well yes.

Ciao,
-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7

