From owner-freebsd-python@freebsd.org Wed Aug 19 15:36:56 2015 Return-Path: Delivered-To: freebsd-python@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF71A9BE36A for ; Wed, 19 Aug 2015 15:36:56 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id B02BA1640 for ; Wed, 19 Aug 2015 15:36:56 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id AF0189BE369; Wed, 19 Aug 2015 15:36:56 +0000 (UTC) Delivered-To: python@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AE97B9BE368 for ; Wed, 19 Aug 2015 15:36:56 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 83C73163E for ; Wed, 19 Aug 2015 15:36:56 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 2C8ED20BF3 for ; Wed, 19 Aug 2015 11:36:55 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute6.internal (MEProxy); Wed, 19 Aug 2015 11:36:55 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=DMVpoCmZ2A+Vd/4 5pmhyHaVz0d4=; b=kOTJTCNaw9vCXs8bbULgVlhlNCaSyaoMSKn82x+ugQZlEve yssOvoUdmxOL7SKraMA+2SOi2JA3MLReONkFL13hWK/kdakUGTIZFeGYPuqRvpu+ le+oGsoyOsbi8LzVKi27wh92UrMGddjIGIejUEK9qn0xdSJesX12NuNxpYy4= Received: by web3.nyi.internal (Postfix, from userid 99) id 0A53F10B2D4; Wed, 19 Aug 2015 11:36:55 -0400 (EDT) Message-Id: <1439998614.2724165.360407393.5F130D70@webmail.messagingengine.com> X-Sasl-Enc: aUEi83OBOEQfsqlV1Wy2Pw0ahNwRkuKhmfyEy79JKBKU 1439998614 From: Mark Felder To: "Li-Wen Hsu" Cc: python MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-4fee8ba5 In-Reply-To: <1439998219.2722781.360401857.46FCCBD9@webmail.messagingengine.com> References: <1439923130.1067596.359551361.446BF03F@webmail.messagingengine.com> <1439997826.2721336.360395769.5671C796@webmail.messagingengine.com> <1439998219.2722781.360401857.46FCCBD9@webmail.messagingengine.com> Subject: Re: py-django vulnerabilities Date: Wed, 19 Aug 2015 10:36:54 -0500 X-BeenThere: freebsd-python@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FreeBSD-specific Python issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Aug 2015 15:36:57 -0000 On Wed, Aug 19, 2015, at 10:30, Mark Felder wrote: > > > On Wed, Aug 19, 2015, at 10:27, Li-Wen Hsu wrote: > > On Wed, Aug 19, 2015 at 11:23 PM, Mark Felder wrote: > > > > > > > > > On Tue, Aug 18, 2015, at 13:38, Mark Felder wrote: > > >> Hello, > > >> > > >> Django just released some updates to address vulnerabilities. I have > > >> created the vuxml entry. > > >> > > >> https://vuxml.freebsd.org/freebsd/b0e54dc1-45d2-11e5-adde-14dae9d210b8.html > > >> > > >> > > >> Let me know if you need any help getting these updates pushed and merged > > >> to quarterly branch > > >> > > >> > > >> Thanks! > > > > > > Due to the radio silence and simplicity of the updates (no plist > > > changes) I am moving forward with pushing these updates and merging to > > > the quarterly branch. > > > > Thanks for the update. I have the same patch with you. But I haven't > > had www/py-django-devel pass the poudriere test. Are you working on > > that too? > > > > Li-Wen > > > I have not yet touched www/py-django-devel. I figure fewer users are > affected by it, so I wanted to get the stable releases pushed out first. Setting the snapshot date to 20150819 seems to fetch and build fine. Is that OK? Do you follow django development and prefer to carefully choose a different snapshot date to avoid any recent bugs/issues that could affect users?