
Re: Freeze exception quassel 0.7.1-1



On Thu, 23.09.2010, 21:39, Adam D. Barratt wrote:
> On Thu, 2010-09-23 at 20:37 +0200, Thomas Mueller wrote:
>> I'd like to ask you for a freeze exception of quassel 0.7.1.
>> The current version of quassel in testing is 0.6.1-2.
>> This version has a security hole as documented in [1] and in this bug
>> report as well [2].
>>
>> To fix this issue I could upload 0.6.3,
>
> Or 0.6.1-3 containing just the security fix.  (Jumping to 0.6.3 assumes
> that all of the changes in 0.6.2 are okay; I haven't checked each of
> them, but there appear to be a couple of dozen of them).
>

Preparing a 0.6.1-3 seems odd to me, because it already contains 12
known bugs, which have been fixed in 0.6.2.
Are we interested in delivering buggy software to our users? I'm not!

>> but this is already some kind of
>> outdated branch within quassel development as 0.7 has been released
>> recently.
>
> The diff between the 0.6.1 and 0.7.1 packages (ignoring .po changes) is
>
>  167 files changed, 5192 insertions(+), 888 deletions(-)
>
> whereas the 0.6.2 to 0.6.3 diff (i.e. what's labelled as the security
> fix) is nearer 60-70 lines.
>
> 0.7.0 appears to have been tagged upstream a little over a week ago;
> that's a bit soon to be declaring 0.6 "outdated", isn't it?
>

Well, a user interested in quassel will most likely look for a 0.7.x
version. In every other distro 0.7.x will be/has been delivered.

That's why I call it outdated.

>> 0.7.1 fixes a security hole within 0.7.0
>>
>> Package for 0.7.1 has been uploaded to unstable on September 21st.
>
> It would have been appreciated if you'd sent this mail _before_ doing
> that (or uploaded to experimental in the meantime).
>
Next time I'll contact the release team in advance.
Upload to experimental feels odd to me - upstream has officially released
0.7 - this is not experimental - right?

> Regards,
>
> Adam
>
>

Finally: what are we going to do?
Will anybody get hurt, if we "unfreeze" quassel 0.7.1-1?
In case squeeze will deliver a 0.6, I'll deliver 0.7 to backports asap.
The official 0.6 will most likely be unused - no need to deliver it then
within squeeze.
I'll most likely request a removal from squeeze.

Regards,

Thomas

-- 
Thomas Müller			E-Mail: thomas.mueller@tmit.eu

