On Sat, Jan 29, 2011 at 05:48:43PM +0000, Adam D. Barratt wrote: > On Tue, 2011-01-25 at 09:16 +0100, Guido Günther wrote: > > On Mon, Jan 24, 2011 at 08:43:38PM +0000, Adam D. Barratt wrote: > > > The main problem I'm having with looking at this is the size of the diff > > > that gets introduced as a result. Even after ignoring the test suite, > > > the embedded copy of sqlite3 and the autoconf patches, I'm still left > > > with > > > > > > 2061 files changed, 65055 insertions(+), 96419 deletions(-) > > > > > > which isn't particularly fun. :-/ > > Yes, I agree - updating from 3.0.0 to 3.0.11 sucks but it will allow us > > to track icedove's security releases from now on with minimal impact. > [...] > > I fully understand that making these changes that late in the release is > > a bad thing but shipping unpatched xulrunner that reads external > > calendar data isn't great either. If the changes are too big we should > > reconsider pulling iceowl from squeeze. We could then come back with a > > better synched package for wheezy. > > So, I really should stop procrastinating on this. :-/ > > Would I be correct in assuming that even with the new upstream tarball > the package would still not get official support from the security team > and any required security updates would have to go via proposed-updates? I'm cc'ing Moritz for his opinion on this. With the new version based on the icedove tarball it would be simple enough to handle the xulrunner flaws via that path. Cheers, -- Guido
-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
