Control: tag -1 moreinfo On Tue, Nov 04, 2014 at 07:30:09AM +0100, Laszlo Boszormenyi (GCS) wrote: > Upstream released MongoDB 2.6.0 too late for Jessie and started to > work for 2.8.0. Then I was blind to see they backport important fixes > for the 2.4.x tree. The 2.4.11 [1] and 2.4.12 [2] changelogs are > available, as well the upcoming 2.4.13 [3]. > I suspect it's too late to let them enter Jessie, but I'd be happy to > package them if allowed. At least I ask permission to use the security > fix[4] and disabling of the SSLv3 ciphers[5]. Which path may I take? > I should emphasize that the fixes included went through the 2.5 > development cycle and part of the current stable, 2.6 release tree. > The fixes backport done and tested by upstream itself. > I've already packaged 2.4.12 for Sid and all I had to change is to > adjust a small patch to apply clean without fuzz. I'll backport the > SSLv3 disable patch from 2.4.13 soon to the package.
Assuming the diffs are sane, I'll accept the security fix and the SSLv3 ciphers through sid please. -- Jonathan Wiltshire [email protected] Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
