| 1 |
On 12/11/15 08:22, Hans de Graaff wrote: |
| 2 |
> On Wed, 2015-11-11 at 11:28 +0100, Justin (jlec) wrote: |
| 3 |
>> # Justin Lecher <jlec@g.o> (28 Feb 2015) |
| 4 |
>> # Unfixed security problems |
| 5 |
>> # No upstream support anymore |
| 6 |
>> # CVE-2015-{0219,0220,0221,0222,5145} |
| 7 |
>> # #536586 |
| 8 |
>> # #554864 |
| 9 |
>> =dev-python/django-1.4* |
| 10 |
>> =dev-python/django-1.5* |
| 11 |
>> =dev-python/django-1.6* |
| 12 |
>> # Not supported by any django version upstream supports |
| 13 |
>> dev-python/south |
| 14 |
>> dev-python/Djblets |
| 15 |
>> dev-util/reviewboard |
| 16 |
> |
| 17 |
> Reviewboard upstream is now maintaining its own version of django 1.6 |
| 18 |
> for security fixes: https://www.reviewboard.org/news/2015/08/24/new-dja |
| 19 |
> ngo-1-6-11-1-security-releases/ |
| 20 |
> |
| 21 |
> Would we be able to keep reviewboard in the tree (with a bump to the |
| 22 |
> 2.5.x versions) with this? |
| 23 |
> |
| 24 |
> Hans |
| 25 |
> |
| 26 |
|
| 27 |
To me it doesn't makes sense to release an unofficial version of the framework |
| 28 |
instead of bumping reviewboard to support the new LTS version of it. |
| 29 |
|
| 30 |
Anyway, the only way I see is that reviewboard bundles that version of django. I |
| 31 |
strongly object adding that version of django under dev-python/django as this |
| 32 |
will suggest the user, that there is still support by upstream for 1.6. |
| 33 |
|
| 34 |
Justin |
Archives