svn team mailing list archive

Thread
Date

Re: Preparing to merge with upcoming Subversion 1.6.12dfsg-2 from Debian squeeze (testing)

To: Max Bowsher <maxb@xxxxxxx>
From: Michael Diers <mdiers@xxxxxxxx>
Date: Wed, 06 Oct 2010 10:33:49 +0200
Cc: svn@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4CAB74A9.3090907@f2s.com>
Organization: elego Software Solutions GmbH
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.12) Gecko/20100914 Lightning/1.0b1 Thunderbird/3.0.8

On 2010-10-05 20:55, Max Bowsher wrote:
> On 05/10/10 13:53, Michael Diers wrote:
>> Peter Samuelson has submitted Subversion 1.6.12dfsg-2 to Debian
>> unstable.
>>
>> https://launchpad.net/debian/+source/subversion/1.6.12dfsg-2
>>
>> The package will soon transition to Debian testing and eventually get
>> collected in bzr branch lp:debian/squeeze/subversion.
>>
>> This release primarily addresses CVE-2010-3315. Is anyone (Max?)
>> planning to merge this into our Lucid PPA? Otherwise I'll happily do
>> that, and also update the other supported branches.
> 
> I'm happy to do so. Or you can. I don't mind. But, it's time for us to
> add a Maverick package, so whoever does should include that/

Right, I'm still slightly insecure when it comes to applying the tools
correctly, so I may have to double-check with this list before actually
causing havoc. Unless that's a problem, I'd like to give it a go.

>> https://code.launchpad.net/ubuntu/+source/subversion
>>
>> lp:~svn/ubuntu/lucid/subversion/ppa
>> lp:~svn/ubuntu/karmic/subversion/ppa
>> lp:~svn/ubuntu/jaunty/subversion/ppa
>> lp:~svn/ubuntu/hardy/subversion/ppa
>>
>> Dapper is too hard to backport to.
> 
> And really, anyone running the current minus 2 LTS has no cause to
> expect software updates.

Agreed.

>> (And then there's Subversion 1.6.13 out, too.)
> 
> Hmm. Why don't we just jump straight to that? NB that since Debian is in
> pre-release freeze, it's entirely likely that Peter will not upload
> that. Neither will it make its way into Ubuntu until some time after
> Natty Narwhal repositories open for general updates.

Peter managed to get an "unblock request" acknowledged for 1.6.12dfsg-2,
so that will go into Squeeze by tomorrow. He intends to release 1.6.13
to experimental or unstable once this has happened.

I'd like to provide 1.6.12dfsg-2 to my existing user base, just for the
security fix.

After that, sure, let's tackle 1.6.13.

> In which case, are you familiar with bzr-builddeb's 'bzr merge-package'
> command? We should definitely use it, it's the de-facto standard for
> importing upstream versions into a packaging branch.

Sorry, I can't say I am, but I'll have a look.

> Documentation may be scarce. I'll see what I can find and/or write a
> summary myself.

That would be great, thanks in advance.

-- 
Michael Diers, elego Software Solutions GmbH, http://www.elego.de

Follow ups

Re: Preparing to merge with upcoming Subversion 1.6.12dfsg-2 from Debian squeeze (testing)
From: Max Bowsher, 2010-10-06

References

Preparing to merge with upcoming Subversion 1.6.12dfsg-2 from Debian squeeze (testing)
From: Michael Diers, 2010-10-05
Re: Preparing to merge with upcoming Subversion 1.6.12dfsg-2 from Debian squeeze (testing)
From: Max Bowsher, 2010-10-05