On Wed, 2013-02-20 at 07:17 +0000, Adam D. Barratt wrote:
> On Sun, 2013-02-17 at 15:36 -0800, dann frazier wrote:
> > Agreed; and I think I was unclear. I was taking for granted that we
> > *will* do a 46squeeze2 now w/ the CVE-2013-0871 fix and bypass
> > 46squeeze1. 46squeeze2 would provide the security-only option.
> >
> > The question was whether or not we should try and fix p-u by getting a
> > -49 into -stable now w/ the CVE-2013-0871 fix, or just make sure
> > there's a 48squeeze1 in security for after. Ah - but maybe the point
> > you're making is that a 48squeeze1 in security would make 46squeeze2
> > harder to find/install - if so, I can understand that point.
>
> What's the current thinking here?
[...]

Dann identified and backported a large series of older changes as
dependencies for the recent fix. Given that this is very tricky code
and we don't have any particular experience with it, I think it's too
much of a risk to apply these before the point release.

Ben.

-- 
Ben Hutchings
Sturgeon's Law: Ninety percent of everything is crap.