[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Unblock request for mantis


today I've uploaded mantis 1.1.6 to experimental, but to summarize my
request: I really would like to see this version in Lenny.

mantis is a web-application that suffered from a lot of security
problems in the past. It has improved a lot, but still security is a
problem, because the code base of mantis (although much overworked) is
still quiet old. Quiet a lot of work against such problems had already
been done for the 1.1.2 release, which was "just in time" for Lenny.

With the 1.1.3 release the developers of mantis refined the form
security token implementation, to once at all fix some security issues
that popped up here and there without a proper solution.
As one might expect this rather intrusive change caused some regressions
in functionality, but since then _three_ releases was issued to fix
issues arised from this. It got a lot of testing (by me and by others)
and seems mature enough to use it in productive use.

I firmly believe, that - although the current version in Lenny is usable
too - our users would benefit much from this version of mantis. I also
believe that it would reduce the support burden, if we keep near to
upstream and that the security improvements would make the security
teams life easier.

mantis has no reverse dependencies and therefore it can't break or
disturb other packages in Debian.

With the above stated rationale I'd like to upload mantis 1.1.6 to
unstable in a day or two and ask you to let it migrate when the 10 days
of testing in unstable have passed w/o unfixable problems.

Best Regards,

Attachment: signature.asc
Description: Digital signature

Reply to: