[php-maint] update to 5.3 in stable

Thijs Kinkhorst thijs at debian.org
Mon Feb 20 21:53:10 UTC 2012

On Mon, February 20, 2012 22:48, Lior Kaplan wrote:
>> Prepare this in the debian-squeeze branch, I'll try to squeeze it in
>> in next batch of security uploads.
> security updates makes too much noise (and should be minimal), I prefer to
> have it through the regular process. I'll let you know when it's ready.

Indeed - do not try to include security-irrelevant changes into a security
update please. They will (should) be rejected.

>> >> > Also, I though of providing a 5.3.10 as a backport, before we'll
>> >> > introduce 5.4 to unstable.
>> >>
>> >> That would be nightmare security-wise. There is are rule: package has
>> >> to be in testing to go to backports, you would have to provide
>> >> security for backported package. And I guess you don't want that as
>> >> much as I do :).
>> >
>> >
>> > I think you're wrong about having to support these packages security
>> wise...
>> > (at least the backport itself, the packages in testing is something
>> else).
>> http://backports-master.debian.org/Contribute/#index3h2
> "If you upload a package... ", not " you must provide updates for security
> issues".

I believe there's at least a somewhat moral obligation to do our best to
provide security support, backports is not a dump-and-run place and
especially many users will not understand that backports are not security
supported. It doesn't need the priority that stable has, but at least some
kind of commitment is necessary.


More information about the pkg-php-maint mailing list