[php-maint] php5 testing transition
Adam D. Barratt
adam at adam-barratt.org.uk
Sat May 5 18:49:20 UTC 2012
On Sat, 2012-05-05 at 20:39 +0200, Ondřej Surý wrote:
> On Sat, May 5, 2012 at 5:47 PM, Adam D. Barratt
> <adam at adam-barratt.org.uk> wrote:
> > On Sat, 2012-05-05 at 17:42 +0200, Thijs Kinkhorst wrote:
> >> On Sat, May 5, 2012 16:24, Adam D. Barratt wrote:
> >> > I'd like to try and get php5 migrated to testing over the next couple of
> >> > days. This does mean aging the 5.4.2-1 upload somewhat, but 5.4.1~rc1-1
> >> > had been in unstable for a month already and the diff from that looks
> >> > sane enough once you drop the auto-generated files.
> >>
> >> From a security standpoint I'd like to add that we expect a new PHP
> >> upstream rsn because of the highly publicised cgi vulnerability. I'm not
> >> sure if it would affect your transition plan though; I thought I'd mention
> >> it to be sure.
> >
> > For some reason I had it in my head that 5.4.2 was the upstream version
> > with the fixed fix rather than the not-quite fixed fix.
>
> I think this is the case (e.g. 5.4.2 is the fixed version).
I assume Thijs was referring to CVE-2012-2311, which covers the fix in
5.4.2 being incomplete.
> And in fact I was going to ask release team to help with transition after
> it ages a little bit and fixed r-deps are 10 days old.
I did notice that some of the NMUs for the r-deps were still quite
young, but the changes are largely trivial and in most cases affect only
a few lines of code so I'd be quite happy to age any/all of them.
Regards,
Adam
More information about the pkg-php-maint
mailing list