[php-maint] [Pkg-php-commits] r1243 - php5/branches/etch/debian

Raphael Geissert atomo64+debian at gmail.com
Wed Jan 28 18:33:30 UTC 2009


Hi Thijs, Sean,

2009/1/28 Thijs Kinkhorst <thijs at debian.org>:
> Hi Sean,
>
> On tiisdei 27 Jannewaris 2009, Sean Finney wrote:
>>   * Backport the patch from lenny/sid to use the system timezone database
>>     instead of the embedded php timezone database which is out of date.
>>     Patch: 143-use_embedded_timezonedb.patch (closes: #471104).
>>   * Repack the etch version of php5, stripping out the (unused) dbase
>>     module which contained licensing problems (closes: #498621).
>
> Are you planning on letting this upload go through stable-security? Because
> the changes listed above are not changes that are usually considered
> appropriate for the security archive. Especially the latter change changes
> the behaviour of php5 on stable which is not something expected to happen
> with a mere security update.

It is a RC bug, and the dbase extension was not being built anyway,
what's the matter?
Unless you go and try to convince the copyright owner to re-licence it
under a DFSG-free licence.

>
> I think an upload to security with the security fixes and after its release
> one to stable with the other fixes may be the best way to go. CC'ing the
> security team in case anyone has further comments.
>

I can't speak for Sean, but doing that IMHO would be suboptimal and
too much hassle. In the event that somebody actually builds the dbase
extension by hand, they could keep using the one they have previously
built, it won't break at all.

> I'm still a bit wary about just ripping out dbase support in the middle of the
> stable lifetime. People rely on the behaviour of a release once it has been
> made. Is the risk on negative consequences of keeping it really significant?
>
>

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net



More information about the pkg-php-maint mailing list