Florian Weimer wrote:
> * Martin Schulze:
>
> > So a summary would be to leave the package as it is in sarge, right?
>
> Based on the facts, I reach the opposite conclusion. The upstream
> changes should be merged. However, since easy workarounds are
> possible, we might get away without code changes, if issuing the
> update Lorenzo has prepared is too cumbersome for some reason.
>
> A DSA informing our users about the problem is necessary, even if no
> code changes take place. I'm surprised that there is any debate about
> this aspect. I thought that the question was if the upstream changes
> are too risky for an update to the stable distribution.

Then apparently I was unable to parse your mail. Please try again.

What was the behaviour pre-sarge?

What is the behaviour post-sarge (or rather in sarge)?

What do you think is the vulnerability?

Why do you think there should be a DSA and what should it cover?

Regards,

Joey

--
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.

Please always Cc to me when replying to me on the lists.