On 12/11/15 08:22, Hans de Graaff wrote: > On Wed, 2015-11-11 at 11:28 +0100, Justin (jlec) wrote: >> # Justin Lecher <j...@gentoo.org> (28 Feb 2015) >> # Unfixed security problems >> # No upstream support anymore >> # CVE-2015-{0219,0220,0221,0222,5145} >> # #536586 >> # #554864 >> =dev-python/django-1.4* >> =dev-python/django-1.5* >> =dev-python/django-1.6* >> # Not supported by any django version upstream supports >> dev-python/south >> dev-python/Djblets >> dev-util/reviewboard > > Reviewboard upstream is now maintaining its own version of django 1.6 > for security fixes: https://www.reviewboard.org/news/2015/08/24/new-dja > ngo-1-6-11-1-security-releases/ > > Would we be able to keep reviewboard in the tree (with a bump to the > 2.5.x versions) with this? > > Hans >
To me it doesn't makes sense to release an unofficial version of the framework instead of bumping reviewboard to support the new LTS version of it. Anyway, the only way I see is that reviewboard bundles that version of django. I strongly object adding that version of django under dev-python/django as this will suggest the user, that there is still support by upstream for 1.6. Justin
signature.asc
Description: OpenPGP digital signature