Hello, As there is no progress with this issue since nearly two months, I would now suggest to go along with the third option cited below. I think a 'libkrb5-static package' is a good compromise to solve both bugs and enable me to use curl with aide.
What do you think? Best regards Hannes On Wed, May 15, 2013 at 08:06:23AM -0400, Sam Hartman wrote: > My recommendation is that we talk to the security team. > The biggest disadvantage of all these static libs running around is the > number of packages they need to do security updates for. > We could ask them about whether it's better to have: > > 1) no static aide > > 2) a static libcurl with less functionality, so aide needs to get > libcurl security updates but not krb5 security updates > > 3) A static aide with libcurl and somewhat crippled Kerberos meaning > that aide needs to get libcurl and krb5 updates. > In addition libcurl might potentially need to get rebuilt on Kerberos > security updates. > > I'm happy to go along with whatever they are comfortable with. > I'd stick the static libs probably in a libkrb5-static package. > > --Sam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
