2005 releases were the best, I wouldn't use newer only if I have a good reason to do so.
On Mon, Aug 2, 2010 at 4:16 PM, Lane, Ryan <[email protected]> wrote: >> I haven't read all the documents, but have these researchers taken >> into account backported fixes? >> >> My gut feeling is that the "preference" for 1.12 is simply due to its >> inclusion in Debian stable [1]. The maintainer seems to be actively >> backporting security fixes [2], so while I agree that these versions >> may enjoy less community support, they should not be considered broken >> on the basis of the version number alone. >> >> This, of course, unless it is certain that some vulnerabilities are >> still present in the Debian version. If you are aware of the existence >> of such a problem, I would recommend you contact >> <[email protected]>. Otherwise, the situation might not be as >> dangerous as it seems. >> >> On the topic of facilitating upgrades: perhaps we should emphasize the >> option to install and upgrade using SVN, which is probably very >> convenient for users that are comfortable with the command line. >> Moodle has this in the official documentation and I find it very >> useful [3]. SVN could also be handy as the backend for a user-friendly >> upgrade procedure, as it already deals with local modifications and >> such. >> > > As someone who has had their code patched by the debian team, I'd like to > take the time to bitch about this. > > Firstly, their patches are often incorrect. Secondly, though they've patched > my LDAP extension a number of times, I have *never* received a bug report or > a patch from them for something they've fixed. It is extremely annoying to > see a fix has been around that I could have used months before someone > reports a problem to me. Beyond anything else this bothers me the most. They > really need to be better community members in regards to this. Lastly, > packaging and maintaining such an old version of MediaWiki does a disservice > to us, and their users. We don't support versions of MediaWiki that old. I > understand that Debian backports security fixes for MediaWiki, but they > don't backport new features, and don't backport all bug fixes. Additionally, > Debian doesn't backport security fixes for all extensions. Not all extension > developers bother maintaining backwards compatibility, and the only possible > way to get security fixes is to upgrade MediaWiki and the extension. > > Please Debian, keep your version of MediaWiki up to date at least to the > oldest stable release, and please send your fixes upstream when you find > unfixed bugs. > > Respectfully, > > Ryan Lane > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
