Bug#961443: buster-pu: package perl/5.28.2
Dominic Hargreaves
dom at earth.li
Mon Jun 29 21:34:07 BST 2020
On Sat, Jun 20, 2020 at 07:28:48PM +0100, Dominic Hargreaves wrote:
> Control: tags -1 - moreinfo
>
> On Thu, Jun 04, 2020 at 09:44:29AM +0100, Dominic Hargreaves wrote:
> > Control: tags -1 + moreinfo
> >
> > On Tue, Jun 02, 2020 at 12:14:27AM +0100, Dominic Hargreaves wrote:
> > > Further to the above, we now have a no-dsa security issue to push out
> > > to buster (and stretch, but we prefer a more traditional approach there
> > > because of the relative size of changes and age of the release).
> > >
> > > The security issues in question are tracked at #962005.
> > >
> > > I attach the additional diff between 5.28.2 and 5.28.3 (which was
> > > purely a security release) - again, excluding doc and version churn.
> > >
> > > Please do let me know if you would be okay with this approach, and
> > > we can get the ball rolling.
> >
> > We're no longer proposing this approach for the immediate update
> > pending concerns around smooth upgrades (cf #962138). We expect this
> > an be fixable but in the meantime I'm temporarily withdrawing the
> > proposal.
> >
> > Expect to see a regular point release proposal with cherry-picks
> > shortly (for both buster and stretch).
>
> Okay, we seem to have a stable fix for this issue (as of 5.30.3-4),
> so I think we can put the new version bump proposal for buster back on
> the table.
After further internal discussion we've decided that we'd prefer not to
take this approach but stick with targete fixes, at least for buster.
For bullseye we would like to start with the premise of keeping up to date
with patch releases of perl. I'll try and remember to start that discussion
in good time.
The other pu bug (#962237) including security fixes proposed for buster
is still outstanding - I await hopefully a response there.
Thanks
Dominic
More information about the Perl-maintainers
mailing list