On 06/10/10 12:08, Max Bowsher wrote: > On 06/10/10 09:33, Michael Diers wrote: >> On 2010-10-05 20:55, Max Bowsher wrote: >>> On 05/10/10 13:53, Michael Diers wrote: >>>> Peter Samuelson has submitted Subversion 1.6.12dfsg-2 to Debian >>>> unstable. >>>> >>>> https://launchpad.net/debian/+source/subversion/1.6.12dfsg-2 >>>> >>>> The package will soon transition to Debian testing and eventually get >>>> collected in bzr branch lp:debian/squeeze/subversion. >>>> >>>> This release primarily addresses CVE-2010-3315. Is anyone (Max?) >>>> planning to merge this into our Lucid PPA? Otherwise I'll happily do >>>> that, and also update the other supported branches. >>> >>> I'm happy to do so. Or you can. I don't mind. But, it's time for us to >>> add a Maverick package, so whoever does should include that/ >> >> Right, I'm still slightly insecure when it comes to applying the tools >> correctly, so I may have to double-check with this list before actually >> causing havoc. Unless that's a problem, I'd like to give it a go. >> >>>> (And then there's Subversion 1.6.13 out, too.) >>> >>> Hmm. Why don't we just jump straight to that? NB that since Debian is in >>> pre-release freeze, it's entirely likely that Peter will not upload >>> that. Neither will it make its way into Ubuntu until some time after >>> Natty Narwhal repositories open for general updates. >> >> Peter managed to get an "unblock request" acknowledged for 1.6.12dfsg-2, >> so that will go into Squeeze by tomorrow. He intends to release 1.6.13 >> to experimental or unstable once this has happened. >> >> I'd like to provide 1.6.12dfsg-2 to my existing user base, just for the >> security fix. >> >> After that, sure, let's tackle 1.6.13. > > Awfully conservative user base if they are hesitant to update by a > micro-release, but OK, if you feel it's warranted, please go ahead. > > In that case I suggest you proceed by merging (and since there is no new > upstream version nor odd branch divergence, plain old "bzr merge" is > fine here) 1.6.12dfsg-2 from lp:debian/sid/subversion first into our > lucid branch, to produce 1.6.12dfsg-2svn1, and thence onwards to karmic, > jaunty, hardy. > > Let's skip Maverick for this version, to get the minimal security upload > done for the released distributions. > >>> In which case, are you familiar with bzr-builddeb's 'bzr merge-package' >>> command? We should definitely use it, it's the de-facto standard for >>> importing upstream versions into a packaging branch. >> >> Sorry, I can't say I am, but I'll have a look. >> >>> Documentation may be scarce. I'll see what I can find and/or write a >>> summary myself. >> >> That would be great, thanks in advance. > > And, once we've got 1.6.12dfsg-2svn1 up, I'll tackle merging > 1.6.12dfsg-1ubuntu1 from Maverick through our stack of packaging > branches, starting a Maverick branch, and merging 1.6.13 - and try to > write some useful notes on what I did.
Maverick's released. I'd like to do this soon. Please let me know if you still intend to bother with 1.6.12dfsg-2. Max.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mailing list: https://launchpad.net/~svn Post to : svn@lists.launchpad.net Unsubscribe : https://launchpad.net/~svn More help : https://help.launchpad.net/ListHelp
