Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hi, Upstream released MongoDB 2.6.0 too late for Jessie and started to work for 2.8.0. Then I was blind to see they backport important fixes for the 2.4.x tree. The 2.4.11 [1] and 2.4.12 [2] changelogs are available, as well the upcoming 2.4.13 [3]. I suspect it's too late to let them enter Jessie, but I'd be happy to package them if allowed. At least I ask permission to use the security fix[4] and disabling of the SSLv3 ciphers[5]. Which path may I take? I should emphasize that the fixes included went through the 2.5 development cycle and part of the current stable, 2.6 release tree. The fixes backport done and tested by upstream itself. I've already packaged 2.4.12 for Sid and all I had to change is to adjust a small patch to apply clean without fuzz. I'll backport the SSLv3 disable patch from 2.4.13 soon to the package. Thanks for consideration, Laszlo/GCS [1] https://jira.mongodb.org/browse/SERVER/fixforversion/13795 [2] https://jira.mongodb.org/browse/SERVER/fixforversion/14288 [3] https://jira.mongodb.org/browse/SERVER/fixforversion/14488 [4] https://jira.mongodb.org/browse/SERVER-14268 [5] https://jira.mongodb.org/browse/SERVER-15673 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
