On Wed, Aug 20, 2014 at 12:07:03PM +0200, Ondřej Surý wrote: > On Wed, Aug 20, 2014, at 11:53, Moritz Mühlenhoff wrote: > > On Thu, Aug 07, 2014 at 11:37:30AM +0200, Ondřej Surý wrote: > > > Package: release.debian.org > > > Severity: normal > > > Tags: wheezy > > > User: release.debian....@packages.debian.org > > > Usertags: pu > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA256 > > > > > > Dear release team, > > > > > > as discussed on #debian-release about possibility of having minor PHP5 > > > updates instead of hoarding various upstream patches, I am submitting > > > a w-p-u bug to discuss that and to summarize my findings (and my > > > positive attitude :). > > > > If you as the primary PHP maintainer consider upstream QA work on > > minor point updates to be of sufficient quality, we can follow them > > for future security updates. That policy has served us very well for > > psql, e.g. > > Do I read that correctly as "no need to go through s-p-u"?
If there are security issues worth a DSA, the PHP point relesae can be released through security.debian.org, otherwise they need to go through s-p-u. That's the same way we handled Postgres or the kernel (which also is based on the 3.2.x point releases) Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org