Re: stable-proposed-updates: package slim/1.3.0-1+lenny2
Sorry for the delay in getting back to you.
On Tue, 2010-02-16 at 10:41 +0900, Nobuhiro Iwamatsu wrote:
> 2010/2/16 Nobuhiro Iwamatsu <firstname.lastname@example.org>:
> > 2010/2/15 Adam D. Barratt <email@example.com>:
> >> Hi,
> >> On Sat, 2010-02-13 at 15:51 +0900, Nobuhiro Iwamatsu wrote:
> >>> I prepared an upload to fix a minor security issue in slim.
> >>> I contacted scurity team. They directed me to upload it with
> >>> stable-proposed-updates.
> >>> Full debdiff is attached.
> >> * Replace the screenshot command against /bin/false (cf. bug #537604).
> >> This appears to be a different fix from that which was applied in
> >> unstable for this bug, namely changing the command to use /root instead
> >> of /tmp when saving files; why was that changed for the stable upload?
> > Oh, sorry.
Using a different fix isn't forbidden, if there's a good reason (for
example the package in unstable has changed in ways that make the fix
inappropriate for stable or mean that it won't apply).
In this particular case the fix used in unstable seems like it would
apply to stable as well without causing any issues (since only root
should be able to write to /root anyway) so I was just curious about the
reason for the change.
> > I attached the patch which I changed in revision of unstable.
> > Could you check this patch again?
> I forgot to attach a patch.
The patch looks fine, thanks. Proper attribution of the patches would
be nice though :-) :
+## 05-xauth-cookie-through-pipe.dpatch by <debian@debian>
+## 06-lesser-predictible-mcookie.dpatch by <debian@debian>