[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Situation for redis for bookworm?

Hi Chris,

On Wed, Mar 29, 2023 at 01:00:20AM +0100, Chris Lamb wrote:
> Dear all,
> 
> > The new version does not have any further regressions, as per
> > https://qa.debian.org/excuses.php?package=redis. So I think that
> > would be welcome to resolve all the CVEs still affecting bookworm.
> >
> > Chris, what is your take on it?
> 
> Sorry for the delay in replying; some other things ate all my
> bandwidth for considered thought in the last week or so.

No worries, we still have some time for bookworm.
> 
> To cut a long story short: yes, I agree that the ideal solution is to
> unblock 5:7.0.10-1 (ie. the version currently in unstable) for
> bookworm and release bookworm with that.

Thanks for confirming!

> My gut feeling is that the 7.0.x branch will receive upstream-blessed
> patches for security fixes for a little while. This would hopefully
> make future DSAs relatively straightforward. (I doubt it will receive
> specific updates for the entirety of the bookworm release, alas, but
> that's out of our control). Either way, it makes sense to release with
> the latest version of the 7.0.x branch.
> 
> Salvatore, do you wish to request an unblock here (ie. of 5:7.0.10-1
> in sid to override 5:7.0.7-1 in bookworm) or shall I? (Would it have
> more weight if you did it?)

I do not think I have any special weight more on doing it ;-). If you
can ask with a bugreport for an unblock that would be great, thank you
Chris.

Regards,
Salvatore
Reply to: