Re: Incorrect information in security tracker regarding the mahara package

[Michael Gilbert <michael.s.gilbert@gmail.com>]

On 10/22/09, Francois Marier wrote:
> I'm one of the upstream developers (and the author of the advisory), but
> yes, we did review both 1.0 and 1.1 but only found the problem to be present
> in version 1.1.

thank you very much for the info.  i have updated the tracker.

> Both 1.0 and 1.1 are supported upstream, though the 1.0 series only gets
> security fixes.

if only 1.0 is security-supported upstream is it potentially a bad
idea to include 1.1 in squeeze since we need to be able to provide
full security support throughout the lifetime of that release?

mike