[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]
Luke Schierer
lschiere at pidgin.im
Fri Aug 14 10:20:28 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Aug 13, 2009, at 20:54 EDT, Kevin Stange wrote:
> Mark Doliner wrote:
>> On Wed, Aug 12, 2009 at 8:57 PM, Warren Togami<wtogami at redhat.com>
>> wrote:
>>> On 08/12/2009 10:48 PM, Mark Doliner wrote:
>>>>> Do we still plan on releasing 2.5.9 with just the patch? Will we
>>>>> release
>>>>> 2.6.0 at the same time?
>>>> I think we should definitely release 2.6.0--aside from this change
>>>> everything is ready, right? Â I don't have a strong opinion about
>>>> releasing 2.5.9, but I'm mildly in favor.
>>> Could we please have a coordinated pidgin-1.5.2 as well? Â Due to
>>> the
>>> confusion of the earlier incomplete patch and distros shipping
>>> different
>>> versions of earlier patch, it would be good to agree upon a common
>>> release?
>>
>> Sorry, I personally don't have time to manage a patch for Pidgin
>> 1.5.2, but I certainly won't stop anyone else from doing so.
>>
>
> I wouldn't want to create the impression we support the 1.5 branch by
> making any official release from it. If this patch applies cleanly or
> can be made to apply trivially, then the backport should suffice. If
> some prpls do not work, you can certainly opt to update your ./
> configure
> options accordingly, but you can reasonably assume that 1.5.x will
> only
> get worse, and spending the time trying to figure out what still works
> and what doesn't seems counter-productive to me.
>
> Kevin
>
Normally what I'd do is apply the patch & tag it, but not set up
tarballs. However, I am on vacation and not able to reach my
computers @ the house.
Luke
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkqFcqwACgkQUsDanPbyGdnYPQCfYmsgjmvlQybtbck2Pj62WQZI
U5IAoLU2EGQAAQl/+Z21Zy+Y4S8lPlAZ
=dpXI
-----END PGP SIGNATURE-----
More information about the Packagers
mailing list