On 06/10/10 09:33, Michael Diers wrote: > On 2010-10-05 20:55, Max Bowsher wrote: >> On 05/10/10 13:53, Michael Diers wrote: >>> Peter Samuelson has submitted Subversion 1.6.12dfsg-2 to Debian >>> unstable. >>> >>> https://launchpad.net/debian/+source/subversion/1.6.12dfsg-2 >>> >>> The package will soon transition to Debian testing and eventually get >>> collected in bzr branch lp:debian/squeeze/subversion. >>> >>> This release primarily addresses CVE-2010-3315. Is anyone (Max?) >>> planning to merge this into our Lucid PPA? Otherwise I'll happily do >>> that, and also update the other supported branches. >> >> I'm happy to do so. Or you can. I don't mind. But, it's time for us to >> add a Maverick package, so whoever does should include that/ > > Right, I'm still slightly insecure when it comes to applying the tools > correctly, so I may have to double-check with this list before actually > causing havoc. Unless that's a problem, I'd like to give it a go. > >>> (And then there's Subversion 1.6.13 out, too.) >> >> Hmm. Why don't we just jump straight to that? NB that since Debian is in >> pre-release freeze, it's entirely likely that Peter will not upload >> that. Neither will it make its way into Ubuntu until some time after >> Natty Narwhal repositories open for general updates. > > Peter managed to get an "unblock request" acknowledged for 1.6.12dfsg-2, > so that will go into Squeeze by tomorrow. He intends to release 1.6.13 > to experimental or unstable once this has happened. > > I'd like to provide 1.6.12dfsg-2 to my existing user base, just for the > security fix. > > After that, sure, let's tackle 1.6.13.
Awfully conservative user base if they are hesitant to update by a micro-release, but OK, if you feel it's warranted, please go ahead. In that case I suggest you proceed by merging (and since there is no new upstream version nor odd branch divergence, plain old "bzr merge" is fine here) 1.6.12dfsg-2 from lp:debian/sid/subversion first into our lucid branch, to produce 1.6.12dfsg-2svn1, and thence onwards to karmic, jaunty, hardy. Let's skip Maverick for this version, to get the minimal security upload done for the released distributions. >> In which case, are you familiar with bzr-builddeb's 'bzr merge-package' >> command? We should definitely use it, it's the de-facto standard for >> importing upstream versions into a packaging branch. > > Sorry, I can't say I am, but I'll have a look. > >> Documentation may be scarce. I'll see what I can find and/or write a >> summary myself. > > That would be great, thanks in advance. And, once we've got 1.6.12dfsg-2svn1 up, I'll tackle merging 1.6.12dfsg-1ubuntu1 from Maverick through our stack of packaging branches, starting a Maverick branch, and merging 1.6.13 - and try to write some useful notes on what I did. Max.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mailing list: https://launchpad.net/~svn Post to : svn@lists.launchpad.net Unsubscribe : https://launchpad.net/~svn More help : https://help.launchpad.net/ListHelp
