The bootstrap package must be corrected to stop a medium grade security flaw (CAN-2005-1228). In the bootstrap package, patch(1) is built after gzip(1). The problem lies in the source gzip.c, which must be corrected with patch(1). How would you the architect, like the solution to be?
1 OpenPKG dependency to patch(1). (complicated for slim systems) 2 Build gzip(1) twice when bootstrapping. (costs 30 seconds more) 3 Embed the entire corrected 54Kb gzip.c. (increases maintenance) 4 <Some new idea> All of these choices are bad, but one is less bad. You can offer a choice #4 or state your preference. Otherwise, #2 will be implemented. Regards, Michael -- Michael Schloh von Bennewitz <[EMAIL PROTECTED]> Software Engineer Development, Spacenet AG Joseph-Dollinger-Bogen 14, D-80807 Muenchen
pgp682LNX6ayc.pgp
Description: PGP signature
