Re: Please allow drupal 4.5.3-1
Tags: security, sarge
John Goerzen <email@example.com> writes:
> On Fri, Jun 03, 2005 at 10:56:47AM +0200, Hilko Bengen wrote:
>> Steve Langasek <firstname.lastname@example.org> writes:
>> So, you are not accepting my drupal_4.5.3-1 (or -2) package into sarge
>> because 4.5.3 fixes more than cited security issue?
> Why are you not using the simple patch available at
I had only been told that 4.5.3 which is supposed to fix some security
issue had been released. Hoping that the release team would simply
accept it into sarge, I just packaged that.
BTW: Dries Buytaert, one of the main developers of Drupal, just told
me that most of the other fixes in 4.5.3 are input checks. Moreover,
the 4.5.3-2 package I uploaded also adds Vietnamese Debconf
translations, which might qualify it for inclusion in Sarge.
Again, there is _no_ added functionality over 4.5.2 in 4.5.3. I
frankly don't see why the issue is still being discussed and casual
comments are made about what a maintainer should do to "get it right".
I'd rather not be responsible for stressing the security team nor the
release team too much a few days before Sarge is going to be released.
OTOH, I _have_ uploaded a package which fixes the security issue and I
suppose I could just sit there and assume that this is ok until told