[opensuse-factory] Open requests to submit packages from openSUSE:Factory to openSUSE:Leap:42.1
For the server:php:applications project there are currently many requests like Submit package openSUSE:Factory / php5-pear-Horde_Image (revision 10) to package openSUSE:Leap:42.1 / php5-pear-Horde_Image in the queue. What is expected from the project maintainers to be done? Best regards -- Johannes Weberhofer Weberhofer GmbH, Austria, Vienna -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, 2015-09-09 at 15:36 +0200, Johannes Weberhofer wrote:
For the server:php:applications project there are currently many requests like
Submit package openSUSE:Factory / php5-pear-Horde_Image (revision 10) to package openSUSE:Leap:42.1 / php5-pear-Horde_Image
in the queue. What is expected from the project maintainers to be done?
As Max announced in http://lists.opensuse.org/opensuse-factory/2015-08/msg00415.html, it is the package maintainers responsibility to get a package into Leap 42.1... There was a test project which tried to build 'Factory packages' for Leap 42.1 and what ciuld be built, has been submitted with a review on the package maintainers to approve, that this is indeed meant for a stable released product with a long term commitment. Some packages have explicitly been declined, as the maintainers do not feel comfortable to have their package in a released product, where they cannot do a 'adily update' as they can in Tumbleweed.... So if you see packages in the list that you want to have in Leap 42.1 and you're committed to support/maintain for the lifetime of openSUSE Leap 42.1, you should accept the review. Hope that clarifies things a bit. Dominique -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 09.09.2015 15:36, Johannes Weberhofer wrote:
For the server:php:applications project there are currently many requests like
Submit package openSUSE:Factory / php5-pear-Horde_Image (revision 10) to package openSUSE:Leap:42.1 / php5-pear-Horde_Image
in the queue. What is expected from the project maintainers to be done?
Hi, See http://lists.opensuse.org/opensuse-packaging/2015-08/msg00083.html we need the maintainers approval that the submission makes sense and is complete In the very context of Horde I would expect someone to make sure all of it is submitted and not only those the script found useful. Greetings, Stephan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, Sep 09, 2015 at 05:00:03PM +0200, Stephan Kulow wrote:
On 09.09.2015 15:36, Johannes Weberhofer wrote:
For the server:php:applications project there are currently many requests like
Submit package openSUSE:Factory / php5-pear-Horde_Image (revision 10) to package openSUSE:Leap:42.1 / php5-pear-Horde_Image
in the queue. What is expected from the project maintainers to be done?
Hi,
See http://lists.opensuse.org/opensuse-packaging/2015-08/msg00083.html we need the maintainers approval that the submission makes sense and is complete
In the very context of Horde I would expect someone to make sure all of it is submitted and not only those the script found useful.
Given that we do not have good experiences with horde security updates for openSUSE, either a more capable maintainer need to step up or we should not include it. 848972 SUSE Security Incidents Incidents lang@b1-systems.de NEW --- VUL-0: CVE-2013-6364: horde5: XSS and CSRF via saving search as virtual address book 2014-01-14 848974 SUSE Security Incidents Incidents lang@b1-systems.de NEW --- VUL-0: CVE-2013-6365: horde5: CSRF in changing permissions functionality 2015-06-28 872334 SUSE Security Incidents Incidents lang@b1-systems.de NEW --- VUL-0: CVE-2012-6640: horde5-imp: XSS vulnerabilities triggered by opening malicious SVG attachments 2015-04-10 882792 SUSE Security Incidents Incidents lang@b1-systems.de CONF --- VUL-0: CVE-2014-3999: php5-pear-Horde_Ldap: connect to LDAP without knowing the password 2015-02-24 Ciao, marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 09.09.2015 um 17:05 schrieb Marcus Meissner:
On Wed, Sep 09, 2015 at 05:00:03PM +0200, Stephan Kulow wrote:
On 09.09.2015 15:36, Johannes Weberhofer wrote:
For the server:php:applications project there are currently many requests like
Submit package openSUSE:Factory / php5-pear-Horde_Image (revision 10) to package openSUSE:Leap:42.1 / php5-pear-Horde_Image
in the queue. What is expected from the project maintainers to be done?
Hi,
See http://lists.opensuse.org/opensuse-packaging/2015-08/msg00083.html we need the maintainers approval that the submission makes sense and is complete
In the very context of Horde I would expect someone to make sure all of it is submitted and not only those the script found useful.
Given that we do not have good experiences with horde security updates for openSUSE, either a more capable maintainer need to step up or we should not include it.
848972 SUSE Security Incidents Incidents lang@b1-systems.de NEW --- VUL-0: CVE-2013-6364: horde5: XSS and CSRF via saving search as virtual address book 2014-01-14 848974 SUSE Security Incidents Incidents lang@b1-systems.de NEW --- VUL-0: CVE-2013-6365: horde5: CSRF in changing permissions functionality 2015-06-28 872334 SUSE Security Incidents Incidents lang@b1-systems.de NEW --- VUL-0: CVE-2012-6640: horde5-imp: XSS vulnerabilities triggered by opening malicious SVG attachments 2015-04-10 882792 SUSE Security Incidents Incidents lang@b1-systems.de CONF --- VUL-0: CVE-2014-3999: php5-pear-Horde_Ldap: connect to LDAP without knowing the password 2015-02-24
Ciao, marcus
I personally could not maintain those packages. Ralf could do so, as all updates are done by him. Best regards, Johannes -- Johannes Weberhofer Weberhofer GmbH, Austria, Vienna -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (4)
-
Dominique Leuenberger / DimStar -
Johannes Weberhofer -
Marcus Meissner -
Stephan Kulow