[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#767258: unblock: ruby2.1/2.1.4-1



On Wed, Oct 29, 2014 at 09:30:28PM +0100, Niels Thykier wrote:
> On 2014-10-29 17:15, Antonio Terceiro wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> > 
> > Please unblock package ruby2.1, or age it so that it gets into testing
> > before the freeze.
> > 
> > This is a new bug fix only upstream release, which contains fixes for
> > two security issues. Quoting the changelog:
> > 
> >   * New upstream version
> >     - CVE-2014-8080: Denial of Service in XML Expansion
> >     - Changes default settings in OpenSSL bindings to not use deprecated and
> >       insecure ciphers; avoids issues associated to CVE-2014-3566 (i.e. the
> >       "POODLE" bug in OpenSSL)
> > 
> > The debdiff against the package in testing is attached. It does contains
> > other bugfixes, but no API/ABI changes and nothing that should disrupt
> > existing software unless said software is actually depending on those
> > bugs.
> > 
> > [...]
> 
> The ruby2.1 package should migrate on its own tomorrow night, which is 5
> days before the freeze.  Unless its migration is stalled by something,
> there is no reason for us to add an unblock.  Accordingly, I will close
> this bug now.

I'm confused. I was under the assumption that at this point the urgency
field was being ignored and that all packages were waiting 10 days, so
that explicit aging had to be applied; I made 2 requests yesterday which
were handled by aging the packages to 5 days.

Is urgency=high handled differently?

> However, please keep an eye on Ruby2.1 to ensure it migrates to testing
> before the 5th of November.  If it has not migrated in a couple of days,
> please do not hesitate to contact us, so we can deal with it before the
> freeze occurs.

Sure. There are no open issues that I am aware of, and I don't expect
any to arise until the freeze.

-- 
Antonio Terceiro <terceiro@debian.org>

Attachment: signature.asc
Description: Digital signature


Reply to: