Re: Food for thought - SECURITY (design flaw?)
>>>>> "Lazarus" == Lazarus Long <lazarus@overdue.dhis.net> writes:
Lazarus> <snippet>
Lazarus> micq (0.4.6-4) unstable; urgency=low
Lazarus> * Adopted micq package
Lazarus> + Patched micq to reconnect when server sends 'Go Away!' command.
Lazarus> -- Sander Smeenk <ssmeenk@debian.org> Tue, 23 Jan 2001 22:47:10 +0200
Lazarus> micq (0.4.6-3) unstable; urgency=HIGH
Lazarus> * Applied patch from Guillaume Morin <gemorin@debian.org> to fix a
Lazarus> possible remote exploit reported in BugTraq. Thanks!
Lazarus> -- Jordi Mallach <jordi@debian.org> Sun, 21 Jan 2001 20:08:51 +0100
Lazarus> </snippet>
Lazarus> An "urgency=HIGH" patch, taking weeks to hit woody
Lazarus> machines ... Hmmm.
How long should it normally take urgency=high packages to get through
to testing (assuming auto builders don't encounter problems)?
My guess from the above is that 0.4.6-3 was uploaded to unstable, but
before it could get through to testing, 0.4.6-4 was
uploaded (probably 2 days later).
I would assume that the priority of 0.4.6-4 would be used
(urgency=low), not the priority of 0.4.6-3 (urgency=high). Am I right
or wrong?
(I tend to think that the urgency field of all versions from the last
version in testing should be used, e.g. max(high,low)=high, assuming
that the last version in testing was 0.4.6-2)
--
Brian May <bam@debian.org>
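
The max() rule suggested in the message above, as an added example that is not part of the original post and not the code of any Debian archive tool: it reads changelog entries newest first and takes the highest urgency among those newer than the version in testing. The function names and the urgency ordering list are assumptions of this sketch; the sample changelog is constructed from the two entries quoted in the message.

```python
import re

# Urgency values used in debian/changelog, lowest to highest (assumed ordering).
URGENCY_ORDER = ["low", "medium", "high", "emergency", "critical"]

# Entry header: "package (version) distribution; urgency=value"
HEADER = re.compile(r"^\S+ \((?P<ver>[^)]+)\) [^;]+;.*\burgency=(?P<urg>\w+)", re.I)

# Constructed sample: the two entries quoted in the message, newest first.
CHANGELOG = """\
micq (0.4.6-4) unstable; urgency=low

  * Adopted micq package
    + Patched micq to reconnect when server sends 'Go Away!' command.

 -- Sander Smeenk <ssmeenk@debian.org>  Tue, 23 Jan 2001 22:47:10 +0200

micq (0.4.6-3) unstable; urgency=HIGH

  * Applied patch from Guillaume Morin <gemorin@debian.org> to fix a
    possible remote exploit reported in BugTraq. Thanks!

 -- Jordi Mallach <jordi@debian.org>  Sun, 21 Jan 2001 20:08:51 +0100
"""


def entries(changelog):
    """Yield (version, urgency) per entry, in file order (newest first)."""
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m:
            yield m.group("ver"), m.group("urg").lower()


def effective_urgency(changelog, version_in_testing):
    """Highest urgency among entries newer than version_in_testing.

    Returns None when nothing is pending. If version_in_testing does not
    appear in the changelog, every entry counts as pending.
    """
    pending = []
    for ver, urg in entries(changelog):
        if ver == version_in_testing:
            break  # this entry and everything older is already in testing
        if urg not in URGENCY_ORDER:
            raise ValueError(f"unknown urgency {urg!r} in entry {ver}")
        pending.append(urg)
    return max(pending, key=URGENCY_ORDER.index) if pending else None


if __name__ == "__main__":
    print(effective_urgency(CHANGELOG, "0.4.6-2"))
```

Using only the newest entry's field would give low for this changelog; the rule above keeps the security upload's high until a version containing it reaches testing.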