[Pkg-roundcube-maintainers] Wheezy update of roundcube?
Sandro Knauß
bugs at sandroknauss.de
Mon May 9 21:31:05 UTC 2016
Hey,
On the one side I'm totally with Guilhem, that getting rid of the old
roundcube in old-stable would be the best thing. Upstream itself do not
support this version for a longer time. I'm not sure if any CVEs are filed for
such old versions anymore from upstream.
On the other side: The upgrade from 0.7->0.9->1.0 was never tested on a bit
audience, because roundcube was not released with stable. So we have a very
small testset, who tested this upgrade. So pushing this upgrade to lts is
exactly the opposite of providing a stable upgrade.
Regards,
sandro
--
Am Dienstag, 3. Mai 2016, 18:52:32 CEST schrieb Markus Koschany:
> Am 03.05.2016 um 18:37 schrieb Moritz Muehlenhoff:
> > On Tue, May 03, 2016 at 06:28:03PM +0200, Markus Koschany wrote:
> >> The second best solution would be to backport either the 1.0.x branch or
> >> your jessie-backport packages to Wheezy. Since you actively maintain
> >> them, what do you think, how complex is the task to backport the
> >> packages from jessie-backports to Wheezy?
> >
> > What's the point in updating a server package like roundcube in LTS
> > to the version from LTS+1? I creates significant churn on the sysadmin's
> > side, which is better spent on upgrading the entire VM/machine to LTS+1.
> >
> > Clearly not all packages are suitable for five years maintenance, so it's
> > better to not paper over the systems, but rather make this explicit.
>
> You should also take into consideration that Roundcube is a web
> application and depending on the package in question and options
> available, a backport is a reasonable solution, for the same reasons we
> have backported other packages before. Also the whole point of LTS is
> that you don't have to upgrade the entire system, especially if you run
> multiple different PHP applications on the same server. The order of
> options is still valid.
>
> Regards,
>
> Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20160509/8900f10c/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list