[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#757342: wheezy-pu: package php5/5.4.31-0+deb7u1

On Wed, Aug 20, 2014 at 12:07:03PM +0200, Ondřej Surý wrote:
> On Wed, Aug 20, 2014, at 11:53, Moritz Mühlenhoff wrote:
> > On Thu, Aug 07, 2014 at 11:37:30AM +0200, Ondřej Surý wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: wheezy
> > > User: release.debian.org@packages.debian.org
> > > Usertags: pu
> > > 
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA256
> > > 
> > > Dear release team,
> > > 
> > > as discussed on #debian-release about possibility of having minor PHP5
> > > updates instead of hoarding various upstream patches, I am submitting
> > > a w-p-u bug to discuss that and to summarize my findings (and my
> > > positive attitude :).
> > 
> > If you as the primary PHP maintainer consider upstream QA work on 
> > minor point updates to be of sufficient quality, we can follow them
> > for future security updates. That policy has served us very well for
> > psql, e.g.
> 
> Do I read that correctly as "no need to go through s-p-u"?

If there are security issues worth a DSA, the PHP point relesae can be released
through security.debian.org, otherwise they need to go through s-p-u. That's
the same way we handled Postgres or the kernel (which also is based on the 3.2.x
point releases)

Cheers,
        Moritz
Reply to: