Bug 445184

This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:
http://docs.fedoraproject.org/release-notes/

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Why does nobody push the packages to updates?
Its a big problem on a public webserver running an outdated php because the
delay for 5.2.6 from php.net was also too long and now after release it wont
come to the machines :-(

http://koji.fedoraproject.org/koji/buildinfo?buildID=48454
http://koji.fedoraproject.org/koji/buildinfo?buildID=48457
http://koji.fedoraproject.org/koji/buildinfo?buildID=48464

Sorry, but another reminder
There is no php 5.2.6 on the repo-servers
http://download.fedora.redhat.com/pub/fedora/linux/updates/9/x86_64/

Can anybody say what here goes wrong?
An external repo has the packages with some additional extensions and some from
fedora missing - It would be a good idea work togehter with this developer

http://rpms.famillecollet.com/fc9.x86_64/

Joe, what is going on here? Are you going to release 5.2.6? Packages have been
build more than a month ago but AFAICS you did not even put them into bodhi.

I seen these for F7, F8 and F9 and I signed all three as working in bodhi /
fedora admin...

All 3 have a karma of +4!!

https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1734
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3864
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-3606

I wonder why I could not find these in bodhi. As obviously updates for all
releases have been pushed can you please close the bug, Joe?

closing as requested in comment #6

Although the problem is fixed I'd like to point out that I find it completely unacceptable that a security critical bug is 
- NEW for more than 15 weeks and
- flagged NEEDINFO for 10 weeks
without any response. :(

If you want things to go faster, you can:

1) help research PHP security issues
2) help write up the security advisory text which accurately describes each issue fixed and the impact on users 
3) help write test cases
4) help out by doing thorough QA of PHP packages in testing and write up what QA you have done

Currently the only feedback for updates is:

a) whining
b) bodhi karma from a set of comments like "it works!"

Neither of these are much use to actually getting the updates shipped.

Correct me if I'm wrong, but none of the things you mention has anything to do with you not responding at all to this bug previously.