Christopher Stone a écrit :
Ah I see, I wonder why minor point releases are not updated on supported Fedora distributions. You think there could be a possibility we could co-maintain php-pear with Joe and do point releases on supported stable fedora repositories?
I'm already co-maintainer on php-pear.
pear-1.6.x use a totally new spec (1.5.x use an upstream .phar, 1.6.x use the upstream .tar.gz).
I agree we should push 1.6.x to F7 (it's a security update because pear < 1.5.4 as security issues) but we must ask Joe about this.
Regards
Remi Collet a écrit :
I agree we should push 1.6.x to F7 (it's a security update because pear < 1.5.4 as security issues) but we must ask Joe about this.
Notes : - 1.5.0 to 1.6.2 is not a minor update - it will need a rebuild of all pecl extension - it will add a Requires on the new pear wersion
Remi.
P.S. i can't remenber if an upgrade to 1.5.4 will be possible. pear 1.6.x need some patches (included upstream in 1.6.2) to have working register of pecl extension : http://pear.php.net/bugs/bug.php?id=11420 http://pear.php.net/bugs/bug.php?id=11517 http://pear.php.net/bugs/bug.php?id=11657 http://pear.php.net/bugs/bug.php?id=12009
On Mon, Nov 26, 2007 at 06:43:39AM +0100, Remi Collet wrote:
Remi Collet a écrit :
I agree we should push 1.6.x to F7 (it's a security update because pear < 1.5.4 as security issues) but we must ask Joe about this.
There is no need to treat CVE-2007-2519 (the bug fixed in 1.5.4) as security-sensitive; see https://bugzilla.redhat.com/show_bug.cgi?id=241218
Notes :
- 1.5.0 to 1.6.2 is not a minor update
- it will need a rebuild of all pecl extension
I'm not sure that's really a good idea then. Doing a 1.5.4 update, if possible, sounds safer.
joe
On Nov 26, 2007 1:18 AM, Joe Orton jorton@redhat.com wrote:
On Mon, Nov 26, 2007 at 06:43:39AM +0100, Remi Collet wrote:
Remi Collet a écrit :
I agree we should push 1.6.x to F7 (it's a security update because pear < 1.5.4 as security issues) but we must ask Joe about this.
There is no need to treat CVE-2007-2519 (the bug fixed in 1.5.4) as security-sensitive; see https://bugzilla.redhat.com/show_bug.cgi?id=241218
Notes :
- 1.5.0 to 1.6.2 is not a minor update
- it will need a rebuild of all pecl extension
I'm not sure that's really a good idea then. Doing a 1.5.4 update, if possible, sounds safer.
+1 on a 1.5.4 update for F-7
Joe Orton a écrit :
- 1.5.0 to 1.6.2 is not a minor update
- it will need a rebuild of all pecl extension
I'm not sure that's really a good idea then. Doing a 1.5.4 update, if possible, sounds safer.
I've probaly been not enough precise
If we update pear to introduce a new version and macro which are required to register the pecl extension, we need a mass-rebuild, whatever is the new version (1.5.x or 1.6.x) (and new Requires).
Remi
php-devel@lists.fedoraproject.org
-
Christopher Stone -
Joe Orton -
Remi Collet