Re: Advise on next steps concerning upload and unblock request

[Thomas Müller <thomas.mueller@tmit.eu>]

Hi Cyril,
hi Release-Team,

the ownCloud upstream project did some intensive security bug hunting within the past days,
which will lead to a new upstream release 4.0.7 (being published the next 2 days).

Last week as a security vulnerability was communicated via securtiy@debian.org I started to backport
the fix to 4.0.5. But already the next day 3 additional vulnerabilities have been reported.

I think it's some kind of stupid to backport all fixes of 4.0..7 to 4.0.5 and end up with a 4.0.5 looking 
more like a 4.0..7.

For sure I can package 4.0.7, upload and ask for a freeze exception, but does this make sense?
As ownCloud is under heavy development and for sure bugs will pop up quite often, does it make sense 
to write you an email every Monday again? :-(


Thanks a lot for your time and help,

Thomas

PS:
As 4.0.7 has not yet been tagged in git I can point you to the branch 'sable4':
https://gitorious.org/owncloud/owncloud/commits/stable4



Am Mittwoch, dem 08.08.2012 um 0:35 schrieb Cyril Brulebois:
> Hello Thomas.
> 
> Thomas Müller <thomas.mueller@tmit.eu> (07/08/2012):
> > The security issues have not been introduced in .5 - they exist since
> > day one.  Are suggesting to push the .6 as experimental to have .5 and
> > .6 available?
> 
> That would be nice, people could then grab it from there and start
> toying with it.
> 
> > I'm also unhappy about the addition of smb and reported that upstream
> > some time ago.  But the addition can  more or less be ignored as it's
> > part of an experimental feature, which is still under development:
> > External Storage
> > 
> > I was already thinking about stripping this feature completely.
> 
> OK, I see. If you could make sure this experimental feature isn't made
> available, that would be nice, I guess.
> 
> Mraw,
> KiBi.