Hi,On Tue, 08 Jul 2025 22:23:03 +0200 Salvatore Bonaccorso <carnil@debian.org> wrote:
Jonathan, in the ligth of #1108983, which should have ideally fixes landing in trixie before it's release, what is your take on git/1:2.50.0-1 for trixie (and those fixed later on top)? Is it ready to go? If so can you provide the release team with information/assessment to see if they can accept the unblock?
In line with our freeze policy [1], at this moment of the freeze, we'd only accept the fixes by reverting to the version in testing and applying targeted fixes on top of that version. Looking at the security tracker, it seems that there's a later version in the 2.47 series than we have in testing. I'm assuming that's a bug fix release upstream [2], although it does contain more commits than I expected [3]. (Maybe I'm holding it wrong, or they are indeed all needed to fix the CVE's).
Paul [1] https://release.debian.org/testing/freeze_policy.html[2] https://github.com/git/git/commit/a52a24e03c8c711f1d5e252fba78f9276908129b
[3] https://github.com/git/git/compare/v2.47.2...v2.47.3
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature