> What is our policy in that matter? How do we act when a security > update breaks functionality without adding a new security hole? Does > this warrant a corrected security package? I would rather see a new package fixing this problem in proposed updates. I think that in the past this would have been left broken, but that I consider to be a bad precedent. regards, junichi