Patrick Schoenfeld wrote: > Hi, > > today I've uploaded mantis 1.1.6 to experimental, but to summarize my > request: I really would like to see this version in Lenny. > > Background: > mantis is a web-application that suffered from a lot of security > problems in the past. It has improved a lot, but still security is a > problem, because the code base of mantis (although much overworked) is > still quiet old. Quiet a lot of work against such problems had already > been done for the 1.1.2 release, which was "just in time" for Lenny. > > With the 1.1.3 release the developers of mantis refined the form > security token implementation, to once at all fix some security issues > that popped up here and there without a proper solution. > As one might expect this rather intrusive change caused some regressions > in functionality, but since then _three_ releases was issued to fix > issues arised from this. It got a lot of testing (by me and by others) > and seems mature enough to use it in productive use. > > I firmly believe, that - although the current version in Lenny is usable > too - our users would benefit much from this version of mantis. I also > believe that it would reduce the support burden, if we keep near to > upstream and that the security improvements would make the security > teams life easier. > > mantis has no reverse dependencies and therefore it can't break or > disturb other packages in Debian. > > With the above stated rationale I'd like to upload mantis 1.1.6 to > unstable in a day or two and ask you to let it migrate when the 10 days > of testing in unstable have passed w/o unfixable problems.
Please upload and tell us when you did. Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org