From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 67FB81384B4 for ; Thu, 12 Nov 2015 08:16:22 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4472B21C15A; Thu, 12 Nov 2015 08:16:08 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 3247D21C006 for ; Thu, 12 Nov 2015 08:16:07 +0000 (UTC) Received: from [IPv6:2a01:4f8:191:22ca::2:1003] (static-2-1003.not-your-server.de [IPv6:2a01:4f8:191:22ca::2:1003]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: jlec) by smtp.gentoo.org (Postfix) with ESMTPSA id B0348340554; Thu, 12 Nov 2015 08:16:04 +0000 (UTC) Subject: Re: [gentoo-dev] [gentoo-dev-announce] Last rites: <1447312972.22216.2.camel@gentoo.org> From: "Justin (jlec)" Message-ID: <56444AC0.2040209@gentoo.org> Date: Thu, 12 Nov 2015 09:16:00 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <1447312972.22216.2.camel@gentoo.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="cWh5b4WJSIl7UhOf7r41dpBxFnfUbtjhq" X-Archives-Salt: 4f7fe87d-6642-48f5-9198-3d9467a98896 X-Archives-Hash: 2a74bc9a6c1a1802e67ec232a75e8764 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --cWh5b4WJSIl7UhOf7r41dpBxFnfUbtjhq Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 12/11/15 08:22, Hans de Graaff wrote: > On Wed, 2015-11-11 at 11:28 +0100, Justin (jlec) wrote: >> # Justin Lecher (28 Feb 2015) >> # Unfixed security problems >> # No upstream support anymore >> # CVE-2015-{0219,0220,0221,0222,5145} >> # #536586 >> # #554864 >> =3Ddev-python/django-1.4* >> =3Ddev-python/django-1.5* >> =3Ddev-python/django-1.6* >> # Not supported by any django version upstream supports >> dev-python/south >> dev-python/Djblets >> dev-util/reviewboard >=20 > Reviewboard upstream is now maintaining its own version of django 1.6 > for security fixes: https://www.reviewboard.org/news/2015/08/24/new-dja= > ngo-1-6-11-1-security-releases/ >=20 > Would we be able to keep reviewboard in the tree (with a bump to the > 2.5.x versions) with this? >=20 > Hans >=20 To me it doesn't makes sense to release an unofficial version of the fram= ework instead of bumping reviewboard to support the new LTS version of it. Anyway, the only way I see is that reviewboard bundles that version of dj= ango. I strongly object adding that version of django under dev-python/django as = this will suggest the user, that there is still support by upstream for 1.6. Justin --cWh5b4WJSIl7UhOf7r41dpBxFnfUbtjhq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1 iQJ8BAEBCgBmBQJWRErAXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0QUU0N0I4NzFERUI0MTJFN0EyODE0NUFF OTQwMkE3OUIwMzUyOUEyAAoJEOlAKnmwNSmirksP/A7N8ddLWIckTj6I91FV7Ega Oytg6bNd4ExFOhLMNnkGWUfspCKN8PTop+ml7bDaTdxMRlBKw1mfEyNLMovpeNE5 3kOsNpTCii9/u/8ljM2jhPSELqhIlhL7cAEDUZukBu5xCliefsBCpOucUrB73zyc oz6+X9GUdzNMgpE2P6bFDOs8sFOVBHhei4xvQMh164IC0bY0SsaggYPGgKfwhBDb Gs8LDYo8rFXBQYtbHX4yhshxdd7OpGcKyMd6Ap7TS6hcSaTOgyjMvmRIvCW7K8YV xulQfvzbgGihtmbpASKEWqlyY9cis17XiseBEa/TVg+RsRsbJ4O4jQyEt6RxztnX FlsFV5w10JoRQG8bhv7aTHlALF5QgEL1Wl3D3CHxGgT7XoQI4LxeKeL7JjYfi+gj kzC7JLmupcwr07OLsdo/ryktZ1zXBnkE4yAOrbhtw+WVgLxmUHSZ5LkhDCB3v1NN S61dVoQtKya86oyict/pYh8TiQQfQrdPSFZp9OLh/4v6FeRrE7jnefBVs/cqZ8L1 2HGXYE99uljuU1lvbFf48in3sONrioJSs+xtqy4KFj3I46wk1YYvHQgNid0Ccp01 xUMBtiXpHVUHXKpbNb/r2OTUxsQcPqN3r1WZ0AT1rHl/m62t9Cpc7xmoceDYQKF8 LH3bUHaKZCa0DhzI48fN =x6VO -----END PGP SIGNATURE----- --cWh5b4WJSIl7UhOf7r41dpBxFnfUbtjhq--