On Thu, May 05, 2005 at 04:33:46PM +1000, Paul TBBle Hampson wrote: > On Wed, May 04, 2005 at 02:00:57AM -0700, Steve Langasek wrote: > > On Wed, May 04, 2005 at 04:22:10PM +1000, Paul TBBle Hampson wrote: > > > Anyway, I was wondering if it would be OK if I uploaded a version with the > > > patch... It should be fairly non-intrusive, since it only affects Makefiles > > > that are not used during the Debian archive build (due to OpenSSL/GPL > > > conflicts) but which people routinely build local versions to gain the > > > functionality of. > > Eh, I wouldn't allow a freeze exception solely for users of locally-built > > packages, no. If they're building locally, they can just as well get their > > source package from elsewhere, since they're clearly not going to be running > > official Debian packages when all is said and done anyway. > Acknowledged. Although I'm hoping anyone who's not tracking Debian will be > onto 1.1.0 soon after Sarge ships. > Anyway, I've now got a security bug (#307720) for which I'll try and prepare an > upload this weekend. If I'm allowed a freeze-exception for this, then I'll > upload _just_ the fix for this bug, and continue awaiting release. If not, I'll > upload a version with this fix, the building fix, and one or two other bits > I've got pending, and anything that needs to go into Sarge will have to be a > testing-pending-uploads upload after that. If you determine that 307720 is truly a security bug, we probably want to get it fixed for sarge. And if you're re-uploading anyway, I don't object to including the minor Makefile fix. -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature