control: tags -1 moreinfo Hi, On 28-05-2023 21:30, Alberto Gonzalez Iniesta wrote:
2) The risks on the release quality are almost zero. Only libnginx-mod-http-modsecurity depends on it (being modsecurity a library).
That's not the only part that we mean here. We also mean, how big is the risk we introduce new *unknown* issues.
4) No idea
Then I don't think so. If your upstream would have a decent stable update policy, they wouldn't introduce so many gratuitous changes (e.g. white space only).
6) Yes
I fail to spot it. Can you please point which version?
7) Its too long but mainly because of line numbers being updated in code comments, like: -#line 1459 "seclang-parser.yy" +#line 1461 "seclang-parser.yy" 8) Not that many code changes
Yet there is a huge amount of white space changes and other changes that look gratuitous. This is really not looking like a targeted fix. @Salvatore, can we do a targeted security upload via security?
9) Not that difficult :-)
Might be, but impossible to review between all the cruft. Paul
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature