On 13/09/12 18:01, Moritz Muehlenhoff wrote: > On Fri, Aug 31, 2012 at 06:34:38PM +0200, Julien Cristau wrote: >> On Fri, Aug 31, 2012 at 10:37:25 +0200, Thorsten Glaser wrote: >> >>> The Release Notes say that 1.19.2 is a security-fix release, >>> and does not list any unrelated changes. Question is, (to the >>> more seasoned MW packagers) can we trust that, and (to the >>> Release Team) would it be acceptable to bump the upstream >>> version on that? >>> >> Can't answer without a diff. > > Mediawiki maintainers, what's the status? > > Cheers, > Moritz
All MediaWiki changes from x.y.z to x.y.z+1 are safe to do (to the best of our knowledge), and should be always applied since they are motivated by security fixes. In 1.19.2 they were more serious than other times. We do bundle the latest translations [for that branch] with the new release. Those are obviously not part of the security fixes (unless it added a new error message, which wasn't the case in 1.19.2) but they don't touch the code. An easy way to view the differences is to do: git diff d0c0aabb3c5d40688d2435c0963927da479a47e0 f25ee7006ff73f1cdf22cdd11401af31ef691b12 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org