-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Raphael Hertzog wrote: > The last 2 release (besides the current one) are security maintained, > aka 1.1 and 1.2. Since 1.1 has not seen any update, it means it's not > affected and thus 1.0 isn't as well. > > But we can verify this. I'm ccing James Bennett, the Django release > manager. Can you confirm what I said, James?
I have a subscription that already gets me on these bugs :) Anyway, our policy is that the most recent release (1.3) gets both security and general bug fixes, while the release prior to it (1.2) gets only security. We don't support anything older than that. That means we no longer support 1.1 or earlier versions in any official way. I'm quite certain that at least some of the security issues (especially the URLField problems) are present in 1.1. - -- James Bennett ja...@b-list.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk53AKIACgkQNoTAwIyLKuFtxACgnI8klzgYF/4xs15na09CabT/ p4MAn2AD4shy3d64vAH60XE66nBbRpYC =xCFW -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
