* [gentoo-dev] [gentoo-dev-announce] Last rites: <dev-python/django-1.7 and depending packages
@ 2015-11-11 10:28 Justin (jlec)
2015-11-12 7:22 ` Hans de Graaff
0 siblings, 1 reply; 3+ messages in thread
From: Justin (jlec) @ 2015-11-11 10:28 UTC (permalink / raw
To: gentoo-dev, gentoo-dev-announce
[-- Attachment #1: Type: text/plain, Size: 366 bytes --]
# Justin Lecher <jlec@gentoo.org> (28 Feb 2015)
# Unfixed security problems
# No upstream support anymore
# CVE-2015-{0219,0220,0221,0222,5145}
# #536586
# #554864
=dev-python/django-1.4*
=dev-python/django-1.5*
=dev-python/django-1.6*
# Not supported by any django version upstream supports
dev-python/south
dev-python/Djblets
dev-util/reviewboard
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 951 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-dev] [gentoo-dev-announce] Last rites: <dev-python/django-1.7 and depending packages
2015-11-11 10:28 [gentoo-dev] [gentoo-dev-announce] Last rites: <dev-python/django-1.7 and depending packages Justin (jlec)
@ 2015-11-12 7:22 ` Hans de Graaff
2015-11-12 8:16 ` Justin (jlec)
0 siblings, 1 reply; 3+ messages in thread
From: Hans de Graaff @ 2015-11-12 7:22 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 730 bytes --]
On Wed, 2015-11-11 at 11:28 +0100, Justin (jlec) wrote:
> # Justin Lecher <jlec@gentoo.org> (28 Feb 2015)
> # Unfixed security problems
> # No upstream support anymore
> # CVE-2015-{0219,0220,0221,0222,5145}
> # #536586
> # #554864
> =dev-python/django-1.4*
> =dev-python/django-1.5*
> =dev-python/django-1.6*
> # Not supported by any django version upstream supports
> dev-python/south
> dev-python/Djblets
> dev-util/reviewboard
Reviewboard upstream is now maintaining its own version of django 1.6
for security fixes: https://www.reviewboard.org/news/2015/08/24/new-dja
ngo-1-6-11-1-security-releases/
Would we be able to keep reviewboard in the tree (with a bump to the
2.5.x versions) with this?
Hans
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 213 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-dev] [gentoo-dev-announce] Last rites: <dev-python/django-1.7 and depending packages
2015-11-12 7:22 ` Hans de Graaff
@ 2015-11-12 8:16 ` Justin (jlec)
0 siblings, 0 replies; 3+ messages in thread
From: Justin (jlec) @ 2015-11-12 8:16 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1211 bytes --]
On 12/11/15 08:22, Hans de Graaff wrote:
> On Wed, 2015-11-11 at 11:28 +0100, Justin (jlec) wrote:
>> # Justin Lecher <jlec@gentoo.org> (28 Feb 2015)
>> # Unfixed security problems
>> # No upstream support anymore
>> # CVE-2015-{0219,0220,0221,0222,5145}
>> # #536586
>> # #554864
>> =dev-python/django-1.4*
>> =dev-python/django-1.5*
>> =dev-python/django-1.6*
>> # Not supported by any django version upstream supports
>> dev-python/south
>> dev-python/Djblets
>> dev-util/reviewboard
>
> Reviewboard upstream is now maintaining its own version of django 1.6
> for security fixes: https://www.reviewboard.org/news/2015/08/24/new-dja
> ngo-1-6-11-1-security-releases/
>
> Would we be able to keep reviewboard in the tree (with a bump to the
> 2.5.x versions) with this?
>
> Hans
>
To me it doesn't makes sense to release an unofficial version of the framework
instead of bumping reviewboard to support the new LTS version of it.
Anyway, the only way I see is that reviewboard bundles that version of django. I
strongly object adding that version of django under dev-python/django as this
will suggest the user, that there is still support by upstream for 1.6.
Justin
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 951 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-11-12 8:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-11-11 10:28 [gentoo-dev] [gentoo-dev-announce] Last rites: <dev-python/django-1.7 and depending packages Justin (jlec)
2015-11-12 7:22 ` Hans de Graaff
2015-11-12 8:16 ` Justin (jlec)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox