[drupal-devel] Bug#311817: Please allow drupal 4.5.3-1

Hilko Bengen bengen at debian.org
Fri Jun 3 13:52:04 UTC 2005

Package: drupal
Version: 4.5.2-0
Severity: critical
Tags: security, sarge

John Goerzen <jgoerzen at complete.org> writes:

> On Fri, Jun 03, 2005 at 10:56:47AM +0200, Hilko Bengen wrote:
>> Steve Langasek <vorlon at debian.org> writes:
>> So, you are not accepting my drupal_4.5.3-1 (or -2) package into sarge
>> because 4.5.3 fixes more than cited security issue?
> Why are you not using the simple patch available at
> http://drupal.org/drupal-4.6.1

I had only been told that 4.5.3 which is supposed to fix some security
issue had been released. Hoping that the release team would simply
accept it into sarge, I just packaged that.

BTW: Dries Buytaert, one of the main developers of Drupal, just told
me that most of the other fixes in 4.5.3 are input checks. Moreover,
the 4.5.3-2 package I uploaded also adds Vietnamese Debconf
translations, which might qualify it for inclusion in Sarge.

Again, there is _no_ added functionality over 4.5.2 in 4.5.3. I
frankly don't see why the issue is still being discussed and casual
comments are made about what a maintainer should do to "get it right".

I'd rather not be responsible for stressing the security team nor the
release team too much a few days before Sarge is going to be released. 
OTOH, I _have_ uploaded a package which fixes the security issue and I
suppose I could just sit there and assume that this is ok until told


More information about the drupal-devel mailing list