[20:00] <tlyu> i'm affected by https://bugs.launchpad.net/ubuntu/+source/mediawiki/+bug/1347656 in Trusty. is it better to request a backport of the 1.19.15 fix to 1.19.14 as SRU or to request an update to 1.19.15 as SRU?
[20:08] <teward> tlyu: a backport won't 'fix' the bug - it'll only exist in the Backports repository.  It may be better to apply the fix as an SRU, but keep in mind that 1.19.x is *not* supported upstream by MediaWiki, and likely receives no security updates unless the community provides them to the Security Team for review
[20:19] <tlyu> oh, interesting. mediawiki apparently got removed from Debian, but there's an open ITP for 1.25?
[20:19] <teward> tlyu: lets keep in mind that mediawiki being dropped is likely due to many reasons
[20:20] <teward> tlyu: the headachey part is that the old packages tend to go EOL really fast
[20:20] <teward> (End of Life, upstream)
[20:20] <teward> this is partly why I only roll MediaWiki out via my own code pushes and tarballs
[20:20] <teward> (which are based on MediaWiki upstream, but only to my servers direct)
[20:20]  * teward shrugs
[20:48] <tlyu> ok i'm seeing how far behind 1.19.15 is on security patches, so maybe updating Trusty to 1:1.19.20+dfsg-2.3 (most recent in Debian Stable) might be a good idea
[21:04] <tlyu> LOL both the Ubuntu and the MediaWiki official documentation recommend avoiding the Ubuntu MediaWiki packages because they're old
[21:04] <teward> tlyu: yes, I recommend avoiding them as well
[21:04] <teward> though i have to because I roll their 'experimental' postgresql support :P
[21:04] <wxl> sheesh
[21:04] <wxl> isn't it 2016?
[21:05] <wxl> incidentially that wouldn't be the first case where someone does not recommend the ubuntu packages
[21:05] <wxl> some things are under heavy development and take a little too long to get downstream to us
[21:06] <teward> wxl: for pre-Xenial, I always strongly-recommend using the NGINX Stable PPA xD
[21:06] <teward> but again, that's a special case since I maintain that too ;)
[21:06] <wxl> there's othercases, as with virtualbox, where you're more likely to get upstream support if you actually use their packages AND they're often more stable
[21:07] <teward> yup
[21:07] <teward> wxl: phpmyadmin comes to mind too, security reasons.
[21:08] <wxl> yuuup