[DRE-maint] Bug#754969: src:rails-3.2: rails-3.2 should not be part of next stable due lack of security updates

[Ondřej Surý]

Package: src:rails-3.2
Version: 3.2.18-1
Severity: serious
Justification: unsuitable for release

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

As discussed in debian-ruby-extras, we must not release next Debian
stable with rails that we could support security wise.

rails-3.2 is an "Last major release series"[1] and it will stop being
supported when next major release of rubyonrails is out.

Unfortunatelly this also means that we won't ship any r-deps including
redmine, but we really need to prevent the security nightmare we have
with rails-2.3+redmine in Debian wheezy.

1. http://rubyonrails.org/security/

O.

- -- System Information:
Debian Release: 7.5
  APT prefers stable
  APT policy: (900, 'stable'), (800, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJTxm9uAAoJEAyZtw70/LsHoEgP/A1HCuJ4qXc4r7ilMAKoZtH9
QHqET4BHwcnLiRKzEw3Ju80NXGqUtzaZOCGR2Tq0j580MFqAnbhrcnmfg8KewQuR
35rDCFFUyFtxqPcvQV954qo7DlmHn+mMnO3PQ4hsxBJhIWgVcBWJqtPnxN9XmWh5
T/efgVKFdwYOOFG6i7ywHsIuS3NeinEGIbFbbAwZIjdcZFCO2I/yuXY5kTrm+g4O
ygZut4GCB+rD8BJpOmcgl2glq1/5ou9RPt43B+rNV7eXw2SH2n6S/DcL950LTr3D
wVDqGF1zaFpvmi4ld6Dw075kPnwE04+Riya6W+qQR2dwl0LgOH9PC3WQo344BemZ
PFrYt3d4iiX1EF7fJWmN5vgfiNTwf6omwhe8ESKKz0/57CpAnhn/GwFJAgHxl4a0
Y/yXsiXfvtISysxGf9auQiIh4RL82NOCFHhQbhCjUT4rGhH1w1N7zKol1WF6yhp5
zigdzc9g/2invL/FToniqsV3tO9zjjxKRc03iFnTBt68t5FMHp5i2JV8TiBssKbF
GVu+qZjmrJ6W6OY1OHM9X3nChD+kbBG/nR666gr9St2FdWyl2fmy6Q7Yepbwyqrl
jfYAO1pHjox2m+fo1ZbHcCAnu1O+5TEbz0ndrc0iyTpQlHlu61258kZH+K1BHx1b
c7xEhhvp84wgX2TqLb4Z
=kLO6
-----END PGP SIGNATURE-----