Hi Chris, On Wed, Mar 29, 2023 at 01:00:20AM +0100, Chris Lamb wrote: > Dear all, > > > The new version does not have any further regressions, as per > > https://qa.debian.org/excuses.php?package=redis. So I think that > > would be welcome to resolve all the CVEs still affecting bookworm. > > > > Chris, what is your take on it? > > Sorry for the delay in replying; some other things ate all my > bandwidth for considered thought in the last week or so.
No worries, we still have some time for bookworm. > > To cut a long story short: yes, I agree that the ideal solution is to > unblock 5:7.0.10-1 (ie. the version currently in unstable) for > bookworm and release bookworm with that. Thanks for confirming! > My gut feeling is that the 7.0.x branch will receive upstream-blessed > patches for security fixes for a little while. This would hopefully > make future DSAs relatively straightforward. (I doubt it will receive > specific updates for the entirety of the bookworm release, alas, but > that's out of our control). Either way, it makes sense to release with > the latest version of the 7.0.x branch. > > Salvatore, do you wish to request an unblock here (ie. of 5:7.0.10-1 > in sid to override 5:7.0.7-1 in bookworm) or shall I? (Would it have > more weight if you did it?) I do not think I have any special weight more on doing it ;-). If you can ask with a bugreport for an unblock that would be great, thank you Chris. Regards, Salvatore
