Bug#1108984: unblock: git/1:2.50.0-1 (discussion)
Hi Paul,
On Thu, Jul 17, 2025 at 07:43:47AM +0200, Paul Gevers wrote:
> Hi,
>
> On Tue, 08 Jul 2025 22:23:03 +0200 Salvatore Bonaccorso <carnil@debian.org>
> wrote:
> > Jonathan, in the ligth of #1108983, which should have ideally fixes
> > landing in trixie before it's release, what is your take on
> > git/1:2.50.0-1 for trixie (and those fixed later on top)? Is it ready
> > to go? If so can you provide the release team with
> > information/assessment to see if they can accept the unblock?
>
> In line with our freeze policy [1], at this moment of the freeze, we'd only
> accept the fixes by reverting to the version in testing and applying
> targeted fixes on top of that version. Looking at the security tracker, it
> seems that there's a later version in the 2.47 series than we have in
> testing. I'm assuming that's a bug fix release upstream [2], although it
> does contain more commits than I expected [3]. (Maybe I'm holding it wrong,
> or they are indeed all needed to fix the CVE's).
Your analysis is correct and the fixes are as well in v2.43.7, but I
think we really need an action here from Jonathan.
Jonathan, time is expring now really given we know when the full
freeze is and the trixie releae on 9th of august. How do we move
forward with src:git?
Regards,
Salvatore
Reply to: