hi everyone, excuse the cross-posting, i just want to make sure everyone's on the same page for what should be next for php5 -> lenny quick recap: when we last left off[1] Raphael was seeking pre-approval of a lenny-targeted upload of php5. because of library dependency changes, this needed to go through t-p-u. Marc had some objection/concern due to the size of the interdiff, which does admittedly contain a number of newly imported patches from gentoo. Raphael pointed out that most/all of these patches were crashfixes (and some of them are also lower-prio security fixes) and that a lot of the size was due to whitespace changes and diff-within-diff quilt patches. Marc asked for a diff -w style output of the diff, but shortly after this a new batch of vulnerabilities/issues came to light and we started on incorporating them before pushing any more on this issue. so, here we are about a month later and now we're looking at lenny again, only now the diff is a little bigger :) someone suggested to look at using testing-security as a path to lenny for this change since many (but not all) of the fixes are security related it feels a little sketchy to me to be honest, so i was hoping for a direct ACK/NACK on that from the security/release folks. particularly, if it does go through testing-security, i'd want to know that when lenny becomes stable that the packages are somehow transitioned as well. i've attached the raw interdiff for the new lenny2 version. the diff size isn't as scary as it looks, as previously mentioned there's a lot of noise from the diff-within-diff and whitespace changes. for better review i've attached a second diff, which is the result of unpacking both versions of package, applying all the quilt patches, removing the ".pc" quilt directories, and and doing a diff between the two patched trees (diff -x debian -Nrub lenny1 lenny2). this should hopefully make examining the changes from the quilt patches a little easier. so please let us know whether this is suitable for either/neither the t-p-u route or the testing-security route, and if neither, what needs to be done to get something to lenny. thanks! sean [1] http://lists.debian.org/debian-release/2008/12/msg00107.html --
Attachment:
lenny1-lenny2.interdiff.gz
Description: Binary data
Attachment:
lenny1-to-lenny2.diff-Nruw.diff.gz
Description: Binary data
Attachment:
signature.asc
Description: Digital signature