Re: Fw: Accepted haskell-network 184.108.40.206-1 (source all i386)
David Fox wrote:
> On Mon, Jun 15, 2009 at 9:03 PM, John Goerzen <firstname.lastname@example.org
> <mailto:email@example.com>> wrote:
> On Tue, Jun 16, 2009 at 01:15:20PM +1000, Trent W. Buck wrote:
> > Perhaps I've misunderstood. Isn't 0.5.0.0 zlib's release version (as
> > well as its API version)? That is, you cannot have two tarballs on
> > hackage both called zlib-0.5.0.0.tar.gz.
> There's nothing that says we can't backport the fix for zlib just like
> we do for other things.
> I'm not sure I understand exactly how this answer addresses the
> question - does a backport give the new upstream version of zlib with
> the fix a different version number? Does it involve modifying the
> dependencies of haskell-platform?
You just take the bits of the diff that actually fix the bug and apply
them to the version already in Debian. This is standard policy for
fixing security issues in stable. Only the Debian version number
changes, so if the haskell-platform dependencies are managed well, they
would have no problem.
Though in the case of a library, since we don't have dynamic linking in
Haskell, everything that uses it will need to be rebuilt to. But that
has nothing to do with haskell-platform.