On 12/28/11 05:51, Jordon Bedwell wrote: > On Wed, Dec 28, 2011 at 2:54 AM, Adam D. Barratt > <a...@adam-barratt.org.uk> wrote: >> On 28.12.2011 07:56, Patrick Geschke wrote: >>> Hey, >>> >>> @Maintainers: Whats the overall Status of the package? >>> >>> According to php.net 5.3.8 is stable. >> >> 5.3.8 is in both testing and unstable - see >> http://packages.qa.debian.org/p/php5.html >> >> Debian stable doesn't generally get new upstream versions of packages. >> >> Regards, >> >> Adam >> >> >> >> -- >> To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org >> with a subject of "unsubscribe". Trouble? Contact >> listmas...@lists.debian.org >> Archive: >> http://lists.debian.org/f53555ce02d37a0ad7b0ef133d97d...@mail.adsl.funky-badger.org >> > New upstream version is used pretty loosely here. I would hardly > consider a bug fix release a new version. You guys treat versions as > if they're a matter of national security, because 5.3.7 vs 5.3.8 is > obviously gonna have some major major API changes and some way new > features. > > The main issue is that the patch from, say, 5.3.7 to 5.3.8 is a patchset. A DD can't simply put this patch into a package and say "Here are all the security updates." One must split the patchset up and document what each patch does. Since I'm guessing the PHP developers don't handle there releases like that it's up to the DD to perform this task.
The DD may likely opt to completely ignore the 5.3.7 to 5.3.8 patch and just take the appropriate repository commits and re-patch each patch properly documenting it's effect. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f00e122.3030...@mikemestnik.net