[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1035748: unblock: modsecurity/3.0.9-1



control: tags -1 moreinfo

Hi,

On 28-05-2023 21:30, Alberto Gonzalez Iniesta wrote:
2) The risks on the release quality are almost zero. Only
libnginx-mod-http-modsecurity depends on it (being modsecurity a
library).

That's not the only part that we mean here. We also mean, how big is the risk we introduce new *unknown* issues.

4) No idea

Then I don't think so. If your upstream would have a decent stable update policy, they wouldn't introduce so many gratuitous changes (e.g. white space only).

6) Yes

I fail to spot it. Can you please point which version?

7) Its too long but mainly because of line numbers being updated in code
comments, like:
-#line 1459 "seclang-parser.yy"
+#line 1461 "seclang-parser.yy"
8) Not that many code changes

Yet there is a huge amount of white space changes and other changes that look gratuitous. This is really not looking like a targeted fix. @Salvatore, can we do a targeted security upload via security?

9) Not that difficult :-)

Might be, but impossible to review between all the cruft.

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


Reply to: