[Secure-testing-team] squeeze webkit security update
Michael Gilbert
michael.s.gilbert at gmail.com
Mon Feb 21 18:20:40 UTC 2011
On Mon, 21 Feb 2011 18:42:31 +0100, Thijs Kinkhorst wrote:
> Hi Mike,
>
> On Monday 21 February 2011 18:23:52 Michael Gilbert wrote:
> > I've prepared a package for the new stable upstream webkit 1.2 branch
> > [0]. That branch now only contains security fixes. Would it be OK to
> > push this new upstream version as a DSA for squeeze?
>
> Thanks. I think conceptually this is a good idea, I do have some practical
> issues with the current package:
>
> - The version number 1.2.7-1 won't work for stable since this is higher than
> testing/unstable. In the past this would be propagated automatically to the
> latter ones but I think that hasn't worked for many years now.
Is there any way to restore this functionality? This would be the
ideal solution.
> The best way
> forward depends a bit on the plan for sid:
> * If you want upload 1.2.7-1 there,you can upload 1.2.6-2+1.2.7-1 (or
> something like 1.2.7-0+squeeze1 when wheezy has 1.2.7-1) to squeeze.
> * If you want to upload 1.3 there, we can accept 1.2.7-1 in squeeze as soon as
> 1.3 is in testing.
We're planing to only upload security updates to sid/wheezy for a while
now (until the next stable upstream webkit release). It would be
preferable if we can make one upload to all three (squeeze, wheezy,
sid) at the same time.
> - The changelog doesn't seem to mention any CVE id's.
Oops, I do need to fix that.
> - You add yourself as maintainer and DM-uploader even though you don't have
> that position in unstable. Is this agreed upon with the current maintenance
> team?
Yes, I've been working with Gustavo to prepare this update, and I
think he agrees with DM-uploader status for me (I've CC'd the webkit
maintainers for a response).
Best wishes,
Mike
More information about the Secure-testing-team
mailing list