[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Freeze Exception Request - open-build-service



Hi Andrew,

[Please use reportbug next time as bugs are easier to track].

On 14-02-2019 08:45, Andrew Lee wrote:
> We have open-build-service 2.9.4-1 uploaded last week. It used to needs
> 2 days to goes into Buster due to it contains a various CVE fixes.

That urgency was not really warranted as open-build-service is not in
buster. It would have been good to mention that fact too. Also, these
CVE's are known for months.

> However it got blocked by two of it's build-deps: ruby-clockwork and
> ruby-jquery-ui-rails which we already fixed but needs more days to
> migrate after these two ruby packages.

Both of which are also not in buster. So you are requesting an exception
for all three.

> And there is a bug fixes upstream release 2.9.5 available. We better
> have this version in Buster to make CVE fixes backports earlier later.
> 
> Would you consider allowing the freeze exception for 2.9.4-1 that's
> already uploaded or also allowing we to have 2.9.5 release in Buster?

Why did you only fix this so late in the cycle? If the history I see is
correct, open-build-service has been out of testing since 2018-04-26.
Did you really have to wait until we were into the soft-freeze? So we
are missing the picture that tells us why you are so late. Can you
elaborate?

Paul

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: