Package: src:rails-4.0 Version: 4.0.2+dfsg-2 Severity: serious Justification: unsuitable for release
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 As discussed in debian-ruby-extras, we must not release next Debian stable with rails that we could support security wise. rails-4.0 is an "Next most recent release series"[1] and it will stop being supported when next major+1 release of rubyonrails is out. Since rails doesn't have any clear roadmap this could happen in Jessie lifetime and we would certainly want to prevent that. Unfortunatelly this also means that we won't ship any r-deps that hard depend on Ruby On Rails 4.0, but we really need to prevent the security nightmare we have with rails-2.3+redmine in Debian wheezy. 1. http://rubyonrails.org/security/ - -- System Information: Debian Release: 7.5 APT prefers stable APT policy: (900, 'stable'), (800, 'testing'), (700, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJTxpD4AAoJEAyZtw70/LsHX1UP/2tbbFvL+O3ev5B+eY8t0vXI /DQptgQyzRDt4uap74lK0gapPmrIrHlR5ME9U+sh29rjt/JA2+Qx2iu6h8euTtfT 8UQKKpmyqLzW0zA7VUTeCilirUSI+tng2CoLRYjBuEh+rweWdPsOzt335aG9k7Ee /2FZ5ztb9YXbgRXEqRVJncwlCxr2/p49dw9JYzFU1zm1apOOHxzGTULLKi0L3nZY DoYVIQKJlg3DYmQcF8Qf0vioLmTxD/Pmv56KVS/Yl0y+FjpeTKpL9m9l7gdPbTw7 0PbfalaCZ945e9NQYxDdJ/JvDQQ0zGJ2YAoXOYx4E4/eWASTyBqb7uHuaqLOqvoe uCNZcIx6QWcxxDUrR71wbcR0oQyjde/4LN3hoV55UOrS1F1P7tx2nXZVX/utbx1x NpcPcDLrMkn12OWhJk2qi6QeH9zm/4qPd+Acz6uo40L0Kc/uEdrri8hqmN9fZNMV +df5o7G7rSqjdyCjVHt6yrJ0MZU5/Ozd6qOo9KJ23f363eUpuoE4hd3WadidGEkr RE7ZqnzvazBmzGz4axuO8kthkLRv6aaXForc16oP1Dm/wEf2dAoZPIJgapS/vNjq GWT7toJrPTCp/kB9pKc4AJUxSjoSvNig1oOTzJwJx+8saIblDOWT6x/vbbduhPpx O6WxRXVewLlddqA8cZCh =yaXX -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
