[Secure-testing-team] Please unblock gallery 1.5.9-1
Moritz Muehlenhoff
jmm at inutil.org
Tue Nov 18 22:49:44 UTC 2008
On Tue, Nov 18, 2008 at 10:40:31PM +0100, Adeodato Simó wrote:
> * Moritz Muehlenhoff [Wed, 12 Nov 2008 00:13:21 +0100]:
>
> > On Tue, Oct 07, 2008 at 04:37:41PM -0400, Michael Schultheiss wrote:
> > > Adeodato Simó wrote:
> > > > > Unless there's more effort by upstream and the maintainer to address this
> > > > > by isolated patches and more detailed descriptions of vulnerabilities
> > > > > we should rather drop Gallery from Lenny.
>
> > > I'm fine with removing gallery from Lenny. Upstream does not have the
> > > resources to provide isolated patches.
>
> > I fear there's been a misunderstanding, my comment was targeted at Gallery
> > in the source package gallery2 (which I was I quoted in the Security Tracker
> > excerpt). Gallery 1.x (was packaged in the gallery source package seems
> > harmless. AFAICT right now gallery has been blocked instead of gallery2.
>
> Ok, I've marked gallery2 for removal. Regarding gallery (1), it seems
> that the two latest uploads that didn't make it into testing (last
> version in testing was 1.5.7) both fixed many or several security
> issues. Is that a package that should be released with Lenny?
Gallery 1.5.x seems okay to me.
> In any case, the diff from gallery 1.5.7 to 1.5.9 is huge, so I'm not
> sure what would have happened with it anyway...
That's up for you decide, maybe Michael can comment on it further.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list