[Secure-testing-team] Please unblock gallery 1.5.9-1

Adeodato Simó dato at net.com.org.es
Tue Nov 18 21:40:31 UTC 2008


* Moritz Muehlenhoff [Wed, 12 Nov 2008 00:13:21 +0100]:

> On Tue, Oct 07, 2008 at 04:37:41PM -0400, Michael Schultheiss wrote:
> > Adeodato Simó wrote:
> > > > Unless there's more effort by upstream and the maintainer to address this 
> > > > by isolated patches and more detailed descriptions of vulnerabilities
> > > > we should rather drop Gallery from Lenny.

> > I'm fine with removing gallery from Lenny.  Upstream does not have the
> > resources to provide isolated patches.

> I fear there's been a misunderstanding, my comment was targeted at Gallery
> in the source package gallery2 (which I was I quoted in the Security Tracker
> excerpt). Gallery 1.x (was packaged in the gallery source package seems
> harmless. AFAICT right now gallery has been blocked instead of gallery2.

Ok, I've marked gallery2 for removal. Regarding gallery (1), it seems
that the two latest uploads that didn't make it into testing (last
version in testing was 1.5.7) both fixed many or several security
issues. Is that a package that should be released with Lenny?

In any case, the diff from gallery 1.5.7 to 1.5.9 is huge, so I'm not
sure what would have happened with it anyway...

-- 
Adeodato Simó                                     dato at net.com.org.es
Debian Developer                                  adeodato at debian.org
 
                                  Listening to: Dar Williams - After All




More information about the Secure-testing-team mailing list