[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tomcat6 wheezy DSA (was/and Re: tomcat6_6.0.41-2+squeeze5_amd64.changes REJECTED


On Sonntag, 23. November 2014, Mark Hymers wrote:
> Anyways, it's now just
> based on oldstable - I expect this to bite us at some point, but
> probably better this way than not being able to get security fixes in.

...and it just bit us. Gah.

So when I was about to kick of pbuilder for the wheezy tomcat6 update I looked 
at the .dsc files and saw this:


And realized, this is bad, squeeze-lts would have a higher version than 

So tomcat6_6.0.41-2+deb7u1, no, that won't work, still lower version than 

So tomcat6_6.0.41-3~deb7u1 and "praying" that -3 will go into jessie. (Which 
is actually the right thing (I think), but still needs some work. (#770769))

And while tomcat6_6.0.41-3~deb7u1 would work regarding squeeze-lts, it will 
not work for wheezy-security now (AIU), as jessie has a lower version atm.

Did I miss something?

I'll now proceed with uploading tomcat-native to squeeze-lts and leave the 
tomcat6|tomcat-native uploads for now... grumble.

	Holger, who "takes credits" for choosing 6.0.41-2+squeeze5 and not 
		6.0.41-2~deb6u1... hindsight and all that.

https://wiki.debian.org/LTS/Development misses instructions for this use case 
(updating to a new upstream version which is the same as in wheezy) but should 
probably get some (as soon as we figured out whats proper), so we don't repeat 
this mistake. For now I'd wish to file a bug so we don't forget but against 
which package?

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: