severity 389934 serious thanks On Sun, Nov 26, 2006 at 04:24:22AM -080O0, Steve Langasek wrote: > Hi Bill, > > So my own opinion is that this class of bug should not be RC, at least when > the embedded rpath doesn't lie in an obviously user-writable space such as > /home or /tmp. If you feel strongly that these should be RC, please go > ahead and re-upgrade them. But you may also want to look at > <[EMAIL PROTECTED]>, posted to debian-release by a member of the > security team.
Hello Steve, Thanks for the pointer. There is a difference though, between updating a stable release and fixing a new stable release. It seems to me that the security team is unwilling to fix the issue because it is too much work for little benefit for them and require to modify the package build system which is always something fragile that should not be done for stable update. However, the best course of action is to fix these bugs for Etch so that the release team does not have to make such compromise between stability and security. It is possible to achieve that thanks to lintian and indeed I have reported all such bugs already. If we do not fix them, we run the risk that a future upload of the packages introduce rpath pointing to more problematic locations and go unnoticed. Some of such bugs depends whether the package is installed when building itself. This might point to a larger problem with the packages that might link with the wrong version of libraries. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large blue swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]