Your ruby1.9.1 stable upload

To: Daigo Moriwaki <daigo@debian.org>
Cc: debian-release@lists.debian.org
Subject: Your ruby1.9.1 stable upload
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 27 Feb 2011 15:52:07 +0000
Message-id: <[🔎] 1298821927.535.11156.camel@hathi.jungle.funky-badger.org>

Hi,

I noticed that you've uploaded a new upstream version of ruby1.9.1 to
stable, in order to fix CVE-2011-1004.  Whilst it is great that you're
working on fixing this sort of issue in stable, uploading new upstream
versions is generally not appropriate, and certainly not without prior
discussion with the release team.

Severity: normal bugs (e.g. #578169) are also generally not suitable for
fixing in stable, particularly when they involve changes to the
package's build-dependencies and the changes have not yet been applied
to unstable.

Was this discussed with the security team, as to whether they would like
to issue a DSA for the issue?

Regards,

Adam

Reply to:

Follow-Ups:
- Re: Your ruby1.9.1 stable upload
  - From: Daigo Moriwaki <moriwaky@gmail.com>

Prev by Date: Re: Stable update of dajaxice
Next by Date: Re: [SRM] Stable update for nautilus
Previous by thread: Re: [SRM] Stable update for nautilus
Next by thread: Re: Your ruby1.9.1 stable upload
Index(es):
- Date
- Thread