
Re: Should (not) Bug#22941 be fixed before release? (fwd)



> I reported it as "important", because all oldlibs are libc5 based, and
> the user should be able to upgrade ldso and the required oldlibs
> before installing any other libc6 package, i.e. we should not force the
> user to follow any upgrade path, even if there is a "recommended" one.

I can understand this desire, but I'm not sure if it is really necessary.
It's not the recommended upgrade path and can be worked around by using
the "--force-depends" option.

The downside to fixing this package is the fairly significant chance
of errors.  It's a libc5 package, which right away increases the number
of potential problems by a hundredfold.  If a small bug were to creep
in, then we'd just have a different (and probably bigger) problem to
deal with.


> p.s. Partially related to this: There were a lot of bugs about security
> holes in /tmp which were also downgraded to normal. Does this mean that
> security holes are not important anymore?

It's a matter of severity.  In most cases, the /tmp holes are small and
difficult to exploit, as shown by the many years they have been around
with few problems.  Fixes for them are still being allowed into Hamm but
I won't hold up the release for them because I don't feel they are
important enough (hence the severity downgrade).  I've talked with Ian
about this and he agrees.

                                          Brian
                                 ( bcwhite@verisim.com )

-------------------------------------------------------------------------------
Seize the moment!  Live now.  Make "now" always the most important time. -- JLP
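The "/tmp holes" referred to above are the classic temporary-file race: a program opens a predictable path in a world-writable directory with O_CREAT but without O_EXCL, so a symlink planted there beforehand is silently followed. The following C program is an added example, not code from this thread or from any Debian package; it puts the weak pattern next to the hardened one (mkstemp / O_EXCL) and adds a post-open sanity check that a defender can keep in production code. All function names are hypothetical, and the demo builds its own scratch directory under /tmp so it runs without touching anything else.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (hypothetical helper, shown only for contrast): a fixed,
 * guessable name opened with O_CREAT but no O_EXCL.  If the path already
 * exists as a symlink, open() follows it and O_TRUNC clobbers the target. */
static int open_tmp_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: mkstemp() picks an unpredictable suffix and opens with
 * O_CREAT|O_EXCL, so a pre-existing path (file or symlink) makes the call
 * fail instead of being followed.  The template must end in "XXXXXX". */
static int open_tmp_secure(char *template_inout) {
    return mkstemp(template_inout);
}

/* Defensive check after opening: the descriptor must be a regular file we
 * own, the path must not be a symlink, and fd and path must refer to the
 * same inode (detects a swap between open and use).  1 = sane, 0 = not. */
static int tmpfile_is_sane(int fd, const char *path) {
    struct stat st_fd, st_path;
    if (fstat(fd, &st_fd) != 0) return 0;
    if (lstat(path, &st_path) != 0) return 0;
    if (!S_ISREG(st_fd.st_mode)) return 0;
    if (S_ISLNK(st_path.st_mode)) return 0;
    if (st_fd.st_uid != geteuid()) return 0;
    if (st_fd.st_dev != st_path.st_dev || st_fd.st_ino != st_path.st_ino) return 0;
    return 1;
}

/* Shows why O_EXCL matters.  In a private scratch directory (constructed
 * for the demo) a symlink is planted at a predictable name pointing at a
 * stand-in "victim" file; the weak opener follows it, the O_EXCL opener
 * refuses with EEXIST.  Returns 1 when both behaviours are observed. */
static int demo_symlink_race(void) {
    char dir[] = "/tmp/tmprace-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) return 0;

    char target[256], link[256];
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/predictable.tmp", dir);

    int t = open(target, O_WRONLY | O_CREAT, 0600);   /* the stand-in victim */
    if (t < 0) return 0;
    close(t);

    if (symlink(target, link) != 0) return 0;        /* pre-planted symlink */

    int bad = open_tmp_predictable(link);             /* follows the link */
    int followed = (bad >= 0);
    if (bad >= 0) close(bad);

    int good = open(link, O_WRONLY | O_CREAT | O_EXCL, 0600); /* refuses */
    int refused = (good < 0 && errno == EEXIST);
    if (good >= 0) close(good);

    unlink(link); unlink(target); rmdir(dir);
    return followed && refused;
}

/* Round trip through the hardened path plus the sanity check. 1 = ok. */
static int secure_roundtrip(void) {
    char tmpl[] = "/tmp/tmprace-secure-XXXXXX";
    int fd = open_tmp_secure(tmpl);
    if (fd < 0) return 0;
    int ok = tmpfile_is_sane(fd, tmpl);
    close(fd);
    unlink(tmpl);
    return ok;
}

int main(void) {
    printf("weak opener followed symlink, O_EXCL refused: %s\n",
           demo_symlink_race() ? "yes" : "no");
    printf("mkstemp file passes sanity check: %s\n",
           secure_roundtrip() ? "yes" : "no");
    return 0;
}
```

The demo uses a directory created by mkdtemp (mode 0700, not sticky) rather than /tmp itself, so it behaves the same whether or not the kernel's protected_symlinks restriction is enabled; in a real sticky /tmp the window is the same, only the mitigations differ.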

