[php-maint] Freeze exception: php5

Adam D. Barratt adam at adam-barratt.org.uk
Tue Oct 19 18:30:55 UTC 2010


[Apologies for the delay in picking this up again.]

On Sun, 2010-10-10 at 22:16 +0200, Moritz Muehlenhoff wrote:
> On 2010-10-09, Adam D. Barratt <adam at adam-barratt.org.uk> wrote:
> > I have to admit that I don't follow PHP development particularly
> > closely.  Would it be possible to briefly explain why 5.3.2 is
> > unsuitable for release, and 5.3.3 so much better?
> >
> > I did see from the changelog of the experimental upload that there are
> > some security fixes, but the other couple of bugs explicitly mentioned
> > there didn't sound particularly critical.
> 
> Security issues in php5 releases are often identified later since not all
> security changes are clearly labeled by upstream. I would appreciate
> if 5.3.3 would enter Squeeze (if you prefer with an extended age-days
> of e.g. 20)

After further discussion, and looking at the security issues which
upstream acknowledge being fixed in 5.3.3, please go ahead with the
upload to unstable.  I'm undecided yet whether to age the upload (and if
so by how much) but an earlier upload has more chance of being unblocked
earlier. :-)

fwiw, while perusing the upstream changelog for 5.3.3, I did spot a
couple of things which looked like they might cause issues, but I'm not
sure whether they affect any PHP code in Debian or, if so, to what
extent:

# Added fifth parameter to openssl_encrypt()/openssl_decrypt() (string
$iv) to use non-NULL IV. Made implicit use of NULL IV a warning. (Sara)

# Changed namespaced classes so that the ctor can only be named
__construct now. (Stas)

Regards,

Adam
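
An added example, not part of the original message: a heuristic Python scan of PHP source for the two changelog items quoted above, namely openssl_encrypt()/openssl_decrypt() calls that pass no fifth ($iv) argument and namespaced classes whose only constructor is a method named after the class. The rule names, function names and the sample PHP are constructed for illustration; comments and heredocs are not parsed, so findings are candidates for manual review.

```python
import re

STRING = re.compile(r'(["\'])(?:\\.|(?!\1).)*\1', re.S)
CALL = re.compile(r'\b(openssl_(?:en|de)crypt)\s*\(', re.I)
NAMESPACE = re.compile(r'^\s*namespace\s+[\w\\]+\s*[;{]', re.M)
CLASS = re.compile(r'\bclass\s+(\w+)[^{]*\{')
METHOD = re.compile(r'\bfunction\s+&?\s*(\w+)\s*\(')

def count_args(code, i):
    """Count top-level arguments of the call whose '(' is at code[i]."""
    depth, commas = 0, 0
    for c in code[i:]:
        if c in '([':
            depth += 1
        elif c in ')]':
            depth -= 1
            if depth == 0:
                return commas + 1
        elif c == ',' and depth == 1:
            commas += 1
    return None  # unbalanced input: nothing to report

def audit(src):
    """Return sorted (line, rule, name) findings for one PHP source string."""
    # Blank out string literals (same length) so their commas are ignored.
    code = STRING.sub(lambda m: '_' * len(m.group()), src)
    found = []
    for m in CALL.finditer(code):  # rule 1: call passes no $iv argument
        n = count_args(code, m.end() - 1)
        if n is not None and n < 5:
            line = src.count('\n', 0, m.start()) + 1
            found.append((line, 'no-iv-argument', m.group(1)))
    classes = list(CLASS.finditer(code)) if NAMESPACE.search(code) else []
    for k, m in enumerate(classes):  # rule 2: ctor named after the class
        end = classes[k + 1].start() if k + 1 < len(classes) else len(code)
        methods = {x.lower() for x in METHOD.findall(code[m.end():end])}
        if m.group(1).lower() in methods and '__construct' not in methods:
            line = src.count('\n', 0, m.start()) + 1
            found.append((line, 'class-named-ctor', m.group(1)))
    return sorted(found)

# Constructed sample input, not taken from any Debian package.
SAMPLE = r'''<?php
namespace Acme\Crypto;
class Vault {
    function Vault($k) { $this->k = $k; }
    function seal($d) { return openssl_encrypt($d, 'aes-128-cbc', $this->k); }
    function open($c, $iv) { return openssl_decrypt($c, 'aes-128-cbc', md5($this->k, true), true, $iv); }
}'''
```

Calling audit(SAMPLE) reports the class on line 3 and the three-argument openssl_encrypt() call on line 5; the five-argument openssl_decrypt() call is not reported.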



