[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]

Kevin Stange kstange at pidgin.im
Thu Aug 13 20:54:48 EDT 2009


Mark Doliner wrote:
> On Wed, Aug 12, 2009 at 8:57 PM, Warren Togami<wtogami at redhat.com> wrote:
>> On 08/12/2009 10:48 PM, Mark Doliner wrote:
>>>> Do we still plan on releasing 2.5.9 with just the patch? Will we release
>>>> 2.6.0 at the same time?
>>> I think we should definitely release 2.6.0--aside from this change
>>> everything is ready, right? Â I don't have a strong opinion about
>>> releasing 2.5.9, but I'm mildly in favor.
>> Could we please have a coordinated pidgin-1.5.2 as well? Â Due to the
>> confusion of the earlier incomplete patch and distros shipping different
>> versions of earlier patch, it would be good to agree upon a common release?
> 
> Sorry, I personally don't have time to manage a patch for Pidgin
> 1.5.2, but I certainly won't stop anyone else from doing so.
> 

I wouldn't want to create the impression we support the 1.5 branch by
making any official release from it.  If this patch applies cleanly or
can be made to apply trivially, then the backport should suffice.  If
some prpls do not work, you can certainly opt to update your ./configure
options accordingly, but you can reasonably assume that 1.5.x will only
get worse, and spending the time trying to figure out what still works
and what doesn't seems counter-productive to me.

Kevin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20090813/186870a6/attachment.pgp>


More information about the Packagers mailing list