• Bug#1108984: unblock: git/1:2.50.0-1 (discussion)

    From Salvatore Bonaccorso@21:1/5 to All on Tue Jul 8 22:30:01 2025
    XPost: linux.debian.devel.release

    Package: release.debian.org
    Severity: normal
    X-Debbugs-Cc: [email protected], Jonathan Nieder <[email protected]>, [email protected], [email protected]
    Control: affects -1 + src:git
    User: [email protected]
    Usertags: unblock

    Hi Jonathan, hi release team

    Jonathan, in the light of #1108983, which should ideally have fixes
    landing in trixie before its release, what is your take on
    git/1:2.50.0-1 for trixie (and those fixed later on top)? Is it ready
    to go? If so can you provide the release team with
    information/assessment to see if they can accept the unblock?

    Thanks already a lot,
    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvatore Bonaccorso@21:1/5 to Paul Gevers on Sun Jul 20 08:30:01 2025
    XPost: linux.debian.devel.release

    Hi Paul,

    On Thu, Jul 17, 2025 at 07:43:47AM +0200, Paul Gevers wrote:
    > Hi,
    >
    > On Tue, 08 Jul 2025 22:23:03 +0200 Salvatore Bonaccorso <[email protected]> wrote:
    > > Jonathan, in the light of #1108983, which should ideally have fixes
    > > landing in trixie before its release, what is your take on
    > > git/1:2.50.0-1 for trixie (and those fixed later on top)? Is it ready
    > > to go? If so can you provide the release team with
    > > information/assessment to see if they can accept the unblock?
    >
    > In line with our freeze policy [1], at this moment of the freeze, we'd
    > only accept the fixes by reverting to the version in testing and applying
    > targeted fixes on top of that version. Looking at the security tracker,
    > it seems that there's a later version in the 2.47 series than we have in
    > testing. I'm assuming that's a bug fix release upstream [2], although it
    > does contain more commits than I expected [3]. (Maybe I'm holding it
    > wrong, or they are indeed all needed to fix the CVEs).

    Your analysis is correct and the fixes are as well in v2.43.7, but I
    think we really need an action here from Jonathan.

    Jonathan, time is expiring now really given we know when the full
    freeze is and the trixie release on 9th of August. How do we move
    forward with src:git?

    Regards,
    Salvatore

  • From Salvatore Bonaccorso@21:1/5 to Paul Gevers on Mon Jul 28 20:50:01 2025
    XPost: linux.debian.devel.release

    Hi Jonathan,

    On Thu, Jul 17, 2025 at 07:43:47AM +0200, Paul Gevers wrote:
    > Hi,
    >
    > On Tue, 08 Jul 2025 22:23:03 +0200 Salvatore Bonaccorso <[email protected]> wrote:
    > > Jonathan, in the light of #1108983, which should ideally have fixes
    > > landing in trixie before its release, what is your take on
    > > git/1:2.50.0-1 for trixie (and those fixed later on top)? Is it ready
    > > to go? If so can you provide the release team with
    > > information/assessment to see if they can accept the unblock?
    >
    > In line with our freeze policy [1], at this moment of the freeze, we'd
    > only accept the fixes by reverting to the version in testing and applying
    > targeted fixes on top of that version. Looking at the security tracker,
    > it seems that there's a later version in the 2.47 series than we have in
    > testing. I'm assuming that's a bug fix release upstream [2], although it
    > does contain more commits than I expected [3]. (Maybe I'm holding it
    > wrong, or they are indeed all needed to fix the CVEs).

    Did you see the comments from Paul? I think unless the upload happens
    *now* we will be definitively late to get it included in trixie via
    unstable.

    Regards,
    Salvatore
