Bug#1037263: unblock: php8.2/8.2.7-1
Hi, On Fri, Jun 09, 2023 at 08:06:41PM +0200, Ondřej Surý wrote: > > > > On 9. 6. 2023, at 20:03, Paul Gevers wrote: > > > > Hi Ondřej, > > > >> On 09-06-2023 18:58, Ondřej Surý wrote: > >> php8.2 8.2.7-1 is a security release, so it would be pretty > >> wrong to release bookworm with the old PHP. I am sorry for > >> the timing, but that's just coincidence. > > > > Sorry, but this is really about 1 week too late (we are in the quite > > periode to prepare for tomorrow). From last weekend on security issues are > > handled by the security team. Otherwise you can prepare a point release > > update, but that's handled with different usertags and meta data. > > I’ve already reached to the security team, so I guess we’ll handle > it there. I didn’t know that bookworm-security has been open now. Let's close this unblock request, as mentioned already on the mail to team@s.d.o we can go trough bookworm-security. Only think to be careful here is the used verison, as 8.2.7-1 will go to unstable, for bookworm-security we would have 8.2.7-1~deb12u1 (as this is just a rebuild of the version, if on the other hand the packaging would have diverged and importing a new upstream version on top, then it would have been 8.2.7-0+deb12u1). Regards, Salvatore
Bug#1037263: unblock: php8.2/8.2.7-1
> On 9. 6. 2023, at 20:03, Paul Gevers wrote: > > Hi Ondřej, > >> On 09-06-2023 18:58, Ondřej Surý wrote: >> php8.2 8.2.7-1 is a security release, so it would be pretty >> wrong to release bookworm with the old PHP. I am sorry for >> the timing, but that's just coincidence. > > Sorry, but this is really about 1 week too late (we are in the quite periode > to prepare for tomorrow). From last weekend on security issues are handled by > the security team. Otherwise you can prepare a point release update, but > that's handled with different usertags and meta data. I’ve already reached to the security team, so I guess we’ll handle it there. I didn’t know that bookworm-security has been open now. Thanks, Ondřej -- Ondřej Surý (He/Him) > Paul
Bug#1037263: unblock: php8.2/8.2.7-1
Hi Ondřej, On 09-06-2023 18:58, Ondřej Surý wrote: php8.2 8.2.7-1 is a security release, so it would be pretty wrong to release bookworm with the old PHP. I am sorry for the timing, but that's just coincidence. Sorry, but this is really about 1 week too late (we are in the quite periode to prepare for tomorrow). From last weekend on security issues are handled by the security team. Otherwise you can prepare a point release update, but that's handled with different usertags and meta data. Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#1037263: unblock: php8.2/8.2.7-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Please unblock package php8.2 Hi, php8.2 8.2.7-1 is a security release, so it would be pretty wrong to release bookworm with the old PHP. I am sorry for the timing, but that's just coincidence. [ Reason ] This is in line with previous request as discussed in #1033492 and sanctioned by security team. [ Impact ] Releasing Debian bookworm with known security vulnerability. [ Tests ] There's autopkg tests and people are also using this already since yesterday from my PPAs that usually has hundred thousands of users. [ Risks ] (Discussion of the risks involved. E.g. code is trivial or complex, key package vs leaf package, alternatives available.) [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] The package itself is building right now and will be uploaded in hour or so. unblock php8.2/8.2.7-1 -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmSDWjtfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcJ4ZBAAol2eQPvGxi5eLkPaJMwHGLCE0XysPDNQJUTRaiXncC0NiwaumvQyDmEs HdbIwznbsKWGtCnusFvKj/JtqN4BJCFDNwZe9a8dhGkiTRi4HmZDvlW/p6fXD+gg gCnQqXNSGWrfZgo4W1HUc1KPft/3kzkKFMsAFwV8mknagLttH2uRdzpgQzMFCEIk 3yPanlFbNhuCv4SUy//Bzp+txvBIE952TKqBbcUId6QquDs1SeppB0gIT5jOzQ6l vJeKjGT8yGVn0MVOimVYVC1PuulI9BiWB53NN3v+2PikasmOcX6VoCmS6jJtNQqs QryZAQiqYJzAEcqZM6/gGGLEwqYUaCoqu5aND5GwJAIsloo1YQSclUWUASEc+EKV fujFL3LzuHksx1IXAstujp/ltuk8u2GIlWqMQxXaLJ+QC/S99EYmARaC8veX8m4t q4/pacIcjtfBoUCm1mzWRFDpqxSwK/clnEFlrMHf5dB/9Gc17rpeKLdYIrz34Ke4 RywSG8VAq8pepGQ5/2oWCKfyOnBd78rjZ6cdegdT0WhtOO/c70GKRMspM0bnGkIZ 3e/GY65Cb64Axb+e/dX8smRYWhDMtuVL3LFgpRIoPS5tIwNaW3ADjr1Ed1roB5eS il9Sf4cJkjTKZOHCB54MxtBnbgV5/DyX0pJijGp4iCLdL0y04/o= =Yf9P -END PGP SIGNATURE-
