Package: drupal Version: 4.5.2-0 Severity: critical Tags: security, sarge John Goerzen <[EMAIL PROTECTED]> writes:
> On Fri, Jun 03, 2005 at 10:56:47AM +0200, Hilko Bengen wrote: >> Steve Langasek <[EMAIL PROTECTED]> writes: >> >> So, you are not accepting my drupal_4.5.3-1 (or -2) package into sarge >> because 4.5.3 fixes more than cited security issue? > > Why are you not using the simple patch available at > http://drupal.org/drupal-4.6.1 I had only been told that 4.5.3 which is supposed to fix some security issue had been released. Hoping that the release team would simply accept it into sarge, I just packaged that. BTW: Dries Buytaert, one of the main developers of Drupal, just told me that most of the other fixes in 4.5.3 are input checks. Moreover, the 4.5.3-2 package I uploaded also adds Vietnamese Debconf translations, which might qualify it for inclusion in Sarge. Again, there is _no_ added functionality over 4.5.2 in 4.5.3. I frankly don't see why the issue is still being discussed and casual comments are made about what a maintainer should do to "get it right". I'd rather not be responsible for stressing the security team nor the release team too much a few days before Sarge is going to be released. OTOH, I _have_ uploaded a package which fixes the security issue and I suppose I could just sit there and assume that this is ok until told otherwise. Cheers, -Hilko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]