Paul, just a quick reply - PHP already has a security (and if I remember correctly release) team exception from the last time. So, we already had this talk about upstream policies.
I’m happy to fill the template though when it’s not Sunday. Ondrej -- Ondřej Surý <ond...@sury.org> (He/Him) > On 26. 3. 2023, at 8:15, Paul Gevers <elb...@debian.org> wrote: > > Package: release.debian.org > Tags: moreinfo > User: release.debian....@packages.debian.org > Usertags: unblock > X-Debbugs-Cc: ond...@sury.org > Control: affects -1 src:php8.2 > > Dear Ondřej, > > I just noticed that security bug 1031368 is fixed in unstable was fixed in > php8.2 version 8.2.3-1. That didn't migrate to testing because we're in the > freeze [1], you didn't request an unblock and (to be honest) I deferred when > I looked a while back because it involves a new upstream release. New > upstream versions are in principle against the freeze policy unless it's a > targeted-fix-only release. From a quick look at the upstream NEWS file, that > could very well be the case, can you confirm that? I'd like you to provide us > the usual information we use in the unblock process so I have added the > reportbug template below as an aid; the biggest question I have is: can you > point us at the upstream policy that explains what goes into their stable > releases? > > php8.2 is a key package. > > Paul > > [1] https://release.debian.org/testing/freeze_policy.html#hard > > Please unblock package php8.2 > > (Please provide enough (but not too much) information to help > the release team to judge the request efficiently. E.g. by > filling in the sections below.) > > [ Reason ] > (Explain what the reason for the unblock request is.) > > [ Impact ] > (What is the impact for the user if the unblock isn't granted?) > > [ Tests ] > (What automated or manual tests cover the affected code?) > > [ Risks ] > (Discussion of the risks involved. E.g. code is trivial or > complex, key package vs leaf package, alternatives available.) > > [ Checklist ] > [ ] all changes are documented in the d/changelog > [ ] I reviewed all changes and I approve them > [ ] attach debdiff against the package in testing > > [ Other info ] > (Anything else the release team should know.) > > unblock php8.2/8.2.4-1 >