Hi,

today I've uploaded mantis 1.1.6 to experimental, but to summarize my request: I really would like to see this version in Lenny.

Background: mantis is a web application that suffered from a lot of security problems in the past. It has improved a lot, but security is still a problem, because the code base of mantis (although much overworked) is still quite old. Quite a lot of work against such problems had already been done for the 1.1.2 release, which was "just in time" for Lenny.

With the 1.1.3 release the developers of mantis refined the form security token implementation, to once and for all fix some security issues that popped up here and there without a proper solution. As one might expect, this rather intrusive change caused some regressions in functionality, but since then _three_ releases were issued to fix issues that arose from this. It got a lot of testing (by me and by others) and seems mature enough for productive use.

I firmly believe that - although the current version in Lenny is usable too - our users would benefit much from this version of mantis. I also believe that it would reduce the support burden if we keep near to upstream, and that the security improvements would make the security team's life easier.

mantis has no reverse dependencies and therefore it can't break or disturb other packages in Debian.

With the above stated rationale I'd like to upload mantis 1.1.6 to unstable in a day or two and ask you to let it migrate when the 10 days of testing in unstable have passed w/o unfixable problems.

Best Regards,
Patrick