[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]

Luke Schierer lschiere at pidgin.im
Fri Aug 14 10:20:28 EDT 2009

Hash: SHA1

On Aug 13, 2009, at 20:54 EDT, Kevin Stange wrote:

> Mark Doliner wrote:
>> On Wed, Aug 12, 2009 at 8:57 PM, Warren Togami<wtogami at redhat.com>  
>> wrote:
>>> On 08/12/2009 10:48 PM, Mark Doliner wrote:
>>>>> Do we still plan on releasing 2.5.9 with just the patch? Will we  
>>>>> release
>>>>> 2.6.0 at the same time?
>>>> I think we should definitely release 2.6.0--aside from this change
>>>> everything is ready, right? Â I don't have a strong opinion about
>>>> releasing 2.5.9, but I'm mildly in favor.
>>> Could we please have a coordinated pidgin-1.5.2 as well? Â Due to  
>>> the
>>> confusion of the earlier incomplete patch and distros shipping  
>>> different
>>> versions of earlier patch, it would be good to agree upon a common  
>>> release?
>> Sorry, I personally don't have time to manage a patch for Pidgin
>> 1.5.2, but I certainly won't stop anyone else from doing so.
> I wouldn't want to create the impression we support the 1.5 branch by
> making any official release from it.  If this patch applies cleanly or
> can be made to apply trivially, then the backport should suffice.  If
> some prpls do not work, you can certainly opt to update your ./ 
> configure
> options accordingly, but you can reasonably assume that 1.5.x will  
> only
> get worse, and spending the time trying to figure out what still works
> and what doesn't seems counter-productive to me.
> Kevin

Normally what I'd do is apply the patch & tag it, but not set up  
tarballs.  However, I am on vacation and not able to reach my  
computers @ the house.


Version: GnuPG v1.4.8 (Darwin)


More information about the Packagers mailing list