I see that it's a mandatory requirement that we bring the newest upstream
version, v2.13.2, updating from v2.9.1.
I would like to skip this step, for the following reasons:
- There are no open CVEs against the current version of the package in
Ubuntu/Debian
- This package holds no Ubuntu delta, it's a sync from Debian
- Debian didn't bring in the newer version yet, because of the current Full
Freeze. This freeze will be lifted after the release (which happens in a couple
weeks). That means
a) We need to go ahead of Debian to merge the upstream version, and
b) It's likely that Debian can bring this version soon enough in the future
- The delta between the Ubuntu/Debian version and the upstream version isn't
small or trivial. It will take some time to review the changes and make sure
everything is rounded up for the MIR. IMHO jumping ahead of Debian here brings
in more risk than waiting.
Do you think we could proceed with the MIR with the current Ubuntu
version instead?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2115398
Title:
[MIR] ruby-json
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby-json/+bug/2115398/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
