On Wednesday 18 October 2006 11:43, Loïc Minier wrote: > On Wed, Oct 18, 2006, Frederik Dannemare wrote: > > Sorry for not being very active over the course of the summer (new > > job and everything). I am, however, prepared to pick up speed again > > and I was wondering if it would be okay to upload version 3.2.6 to > > unstable (with urgency=medium/high ?) now that we are getting > > pretty close to a freeze? Or would you recommend that I simply stay > > on version 3.2.3 + bug fixes? > > You can upload whatever version you see as stable enough for etch. > If it doesn't get any more serious bugs reported, it will transition > to etch naturally. > > Newer upstream releases should in general be tested more extensively > and hence should be uploaded with urgency=low, on the other hand, RC > bug fixes should uploaded with urgency=high (or at least medium). > Make your choice, or upload twice, perhaps 3.2.3 + bugfixes > urgency=high, followed by 3.2.6 when .3 is in testing. >
OK, I will do a 3.2.3-2 first (with urgency=high) and only include a simple fix for this security-related issue. I was thinking of simply setting target_dir to /var/lib/motion (and have the package create this dir, of course + mention it in README.Debian) similar to what e.g. mysql and other packages with variable data does. Additionally, I may suggest (in README.Debian) non-root system users to create their own ~/.motion/motion.conf in order to override the system-wide settings in /etc/motion/motion.conf, including target_dir. Will ask my sponsor to do the 3.2.3-2 upload tomorrow or possible Friday... Best regards, Frederik Dannemare
