On Wed, 28 Oct 2009 15:58:49 -0400, Michael Gilbert wrote:
> hi all,
>
> it looks like we can't appropriately mark issues that are addressed via
> binnmu's in the tracker. see [0] where advi source is 1.6.0-14 and the
> fix is in binnmu version 1.6.0-14+b1. since there is no 1.6.0-14+b1
> source package, the issue is still tracked as unfixed even though it
> has been fixed.
>
> maybe the solution is to avoid binnmu's altogether for security issues,
> and instead always at least modify the changelog stating that it is an
> nmu addressing a security issue (even if the fix only involves
> relinking to an updated library).
>
> let me know what you think.

since i didn't get any feedback on this question, can i conclude that my
suggestion is ok? if there is no disagreement, i will update the tracker
documentation to indicate that binnmu's are strongly discouraged for
security updates.

mike
