
Bug#985958: [pre-approval] unblock: spip/3.2.11-2



Control: tags -1 moreinfo

Hi David,

On 26-03-2021 20:53, David Prévot wrote:
> Please unblock package spip

This package does have a bit of a track record for security issues.

> [ Reason ]
> Upstream just released a new minor version to improve PHP 7.4 compat
> (latest version already improved PHP 7.3 compat). Since Bullseye ships
> with PHP 7.4, including those fixes should avoid future issues (I had
> to backport a PHP 7.3 compatibility issue with a buster-security upload
> already to fix a serious issue with plugins handling).

If I read the upstream CHANGELOG correctly, it seems that this was all
put together in a short time (days). Are you aware of any tests in the
package (I didn't spot them)? Does upstream have any testing infra?

I'm seriously doubting if we'd not introduce more issues than we solve here.

> [ Impact ]
> On top of fixing possible problems, this update avoids filling the
> web server error.log due to multiple warnings and deprecation notices.

Ack. Are those fixes cherry-pickable?

> [ Tests ]
> I only tested the package manually, but I’m keeping an eye on upstream
> issues that may arise about this new release.

See above. This doesn't sound great.

Paul
