svn team mailing list archive

[Michael Diers <mdiers@xxxxxxxx>]

On 2010-10-13 03:42, Max Bowsher wrote:
> On 06/10/10 12:08, Max Bowsher wrote:
>> On 06/10/10 09:33, Michael Diers wrote:
>>> On 2010-10-05 20:55, Max Bowsher wrote:
>>>> On 05/10/10 13:53, Michael Diers wrote:
>>>>> Peter Samuelson has submitted Subversion 1.6.12dfsg-2 to Debian
>>>>> unstable.
>>>>>
>>>>> https://launchpad.net/debian/+source/subversion/1.6.12dfsg-2
>>>>>
>>>>> The package will soon transition to Debian testing and eventually get
>>>>> collected in bzr branch lp:debian/squeeze/subversion.
>>>>>
>>>>> This release primarily addresses CVE-2010-3315. Is anyone (Max?)
>>>>> planning to merge this into our Lucid PPA? Otherwise I'll happily do
>>>>> that, and also update the other supported branches.
>>>>
>>>> I'm happy to do so. Or you can. I don't mind. But, it's time for us to
>>>> add a Maverick package, so whoever does should include that/
>>>
>>> Right, I'm still slightly insecure when it comes to applying the tools
>>> correctly, so I may have to double-check with this list before actually
>>> causing havoc. Unless that's a problem, I'd like to give it a go.
>>>
>>>>> (And then there's Subversion 1.6.13 out, too.)
>>>>
>>>> Hmm. Why don't we just jump straight to that? NB that since Debian is in
>>>> pre-release freeze, it's entirely likely that Peter will not upload
>>>> that. Neither will it make its way into Ubuntu until some time after
>>>> Natty Narwhal repositories open for general updates.
>>>
>>> Peter managed to get an "unblock request" acknowledged for 1.6.12dfsg-2,
>>> so that will go into Squeeze by tomorrow. He intends to release 1.6.13
>>> to experimental or unstable once this has happened.
>>>
>>> I'd like to provide 1.6.12dfsg-2 to my existing user base, just for the
>>> security fix.
>>>
>>> After that, sure, let's tackle 1.6.13.
>>
>> Awfully conservative user base if they are hesitant to update by a
>> micro-release, but OK, if you feel it's warranted, please go ahead.
>>
>> In that case I suggest you proceed by merging (and since there is no new
>> upstream version nor odd branch divergence, plain old "bzr merge" is
>> fine here) 1.6.12dfsg-2 from lp:debian/sid/subversion first into our
>> lucid branch, to produce 1.6.12dfsg-2svn1, and thence onwards to karmic,
>> jaunty, hardy.
>>
>> Let's skip Maverick for this version, to get the minimal security upload
>> done for the released distributions.
>>
>>>> In which case, are you familiar with bzr-builddeb's 'bzr merge-package'
>>>> command? We should definitely use it, it's the de-facto standard for
>>>> importing upstream versions into a packaging branch.
>>>
>>> Sorry, I can't say I am, but I'll have a look.
>>>
>>>> Documentation may be scarce. I'll see what I can find and/or write a
>>>> summary myself.
>>>
>>> That would be great, thanks in advance.
>>
>> And, once we've got 1.6.12dfsg-2svn1 up, I'll tackle merging
>> 1.6.12dfsg-1ubuntu1 from Maverick through our stack of packaging
>> branches, starting a Maverick branch, and merging 1.6.13 - and try to
>> write some useful notes on what I did.
> 
> Maverick's released. I'd like to do this soon.
> 
> Please let me know if you still intend to bother with 1.6.12dfsg-2.

Max,

sorry for the delay. I had a look at 'bzr merge-package' but I'm afraid
I didn't spend enough time with it to understand how it's supposed to
work in this case, i.e. given an exising Bazaar branch tracking
upstream. Please go ahead with 1.6.13, I'll try to watch and learn.

-- 
Michael Diers, elego Software Solutions GmbH, http://www.elego.de