[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages

Charles Plessy wrote:

> Le Mon, Aug 25, 2008 at 07:16:00AM +0200, Christian Perrier a écrit :
>> - timing wrt the release
>> - timing wrt the "half of the developers are VAC" status we generally
>>   have in August
>> - the obvious lack of preparation
> In addition, security issues should better be reported upstream first so
> that all the distributions have a chance of providing corrected versions
> when the details are made public…

doesn't apply for maintainer scripts, but I agree they should *also* be
reported to upstream.

> Have a nice day,


Reply to: