Comment 1 Sam James 2021-02-05 10:13:31 UTC

Duplicate of bug 765796 right? (which we can’t yet move forward with)

Comment 2 Sergei Trofimovich (RETIRED) 2021-02-05 10:32:00 UTC

No, it should not be directly related.

I personally don't plan to backport security fixes to older erlang branches. That means removal (or masking) of vulnerable erlang versions would require porting all revdeps to newer version. I think we only have rabbitmq-server left (bug #755236). We are not there yet.

But rabbitmq-server should not block stabilization of newer erlang versions if they are ready.

Comment 3 Sam James 2021-02-05 10:39:09 UTC

(In reply to Sergei Trofimovich from comment #2)
> No, it should not be directly related.
> 
> I personally don't plan to backport security fixes to older erlang branches.
> That means removal (or masking) of vulnerable erlang versions would require
> porting all revdeps to newer version. I think we only have rabbitmq-server
> left (bug #755236). We are not there yet.
> 
> But rabbitmq-server should not block stabilization of newer erlang versions
> if they are ready.

We usually do stabilisation in the same bug, but cleanup would then be blocked on sorting out revdeps. But I'll just block the bug on this one

Comment 4 Sam James 2021-02-05 10:42:16 UTC

ppc64 done

Comment 5 Sam James 2021-02-05 12:32:01 UTC

amd64 done

Comment 6 Sam James 2021-02-05 15:26:06 UTC

x86 done

Comment 7 Sam James 2021-02-05 15:26:39 UTC

sparc done

Comment 8 Sam James 2021-02-12 13:46:29 UTC

ppc done

all arches done