← Back to team overview

svn team mailing list archive

Re: Preparing to merge with upcoming Subversion 1.6.12dfsg-2 from Debian squeeze (testing)

 

On 06/10/10 09:33, Michael Diers wrote:
> On 2010-10-05 20:55, Max Bowsher wrote:
>> On 05/10/10 13:53, Michael Diers wrote:
>>> Peter Samuelson has submitted Subversion 1.6.12dfsg-2 to Debian
>>> unstable.
>>>
>>> https://launchpad.net/debian/+source/subversion/1.6.12dfsg-2
>>>
>>> The package will soon transition to Debian testing and eventually get
>>> collected in bzr branch lp:debian/squeeze/subversion.
>>>
>>> This release primarily addresses CVE-2010-3315. Is anyone (Max?)
>>> planning to merge this into our Lucid PPA? Otherwise I'll happily do
>>> that, and also update the other supported branches.
>>
>> I'm happy to do so. Or you can. I don't mind. But, it's time for us to
>> add a Maverick package, so whoever does should include that/
> 
> Right, I'm still slightly insecure when it comes to applying the tools
> correctly, so I may have to double-check with this list before actually
> causing havoc. Unless that's a problem, I'd like to give it a go.
> 
>>> (And then there's Subversion 1.6.13 out, too.)
>>
>> Hmm. Why don't we just jump straight to that? NB that since Debian is in
>> pre-release freeze, it's entirely likely that Peter will not upload
>> that. Neither will it make its way into Ubuntu until some time after
>> Natty Narwhal repositories open for general updates.
> 
> Peter managed to get an "unblock request" acknowledged for 1.6.12dfsg-2,
> so that will go into Squeeze by tomorrow. He intends to release 1.6.13
> to experimental or unstable once this has happened.
> 
> I'd like to provide 1.6.12dfsg-2 to my existing user base, just for the
> security fix.
> 
> After that, sure, let's tackle 1.6.13.

Awfully conservative user base if they are hesitant to update by a
micro-release, but OK, if you feel it's warranted, please go ahead.

In that case I suggest you proceed by merging (and since there is no new
upstream version nor odd branch divergence, plain old "bzr merge" is
fine here) 1.6.12dfsg-2 from lp:debian/sid/subversion first into our
lucid branch, to produce 1.6.12dfsg-2svn1, and thence onwards to karmic,
jaunty, hardy.

Let's skip Maverick for this version, to get the minimal security upload
done for the released distributions.

>> In which case, are you familiar with bzr-builddeb's 'bzr merge-package'
>> command? We should definitely use it, it's the de-facto standard for
>> importing upstream versions into a packaging branch.
> 
> Sorry, I can't say I am, but I'll have a look.
> 
>> Documentation may be scarce. I'll see what I can find and/or write a
>> summary myself.
> 
> That would be great, thanks in advance.

And, once we've got 1.6.12dfsg-2svn1 up, I'll tackle merging
1.6.12dfsg-1ubuntu1 from Maverick through our stack of packaging
branches, starting a Maverick branch, and merging 1.6.13 - and try to
write some useful notes on what I did.

Max.

Attachment: signature.asc
Description: OpenPGP digital signature


Follow ups

References