[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposed mass prototypejs bug filing for multiple security issues

On Mon, 19 Oct 2009 10:52:18 -0500, Gunnar Wolf wrote:
> Michael S Gilbert dijo [Sun, Oct 18, 2009 at 08:43:35PM -0400]:
> > Hi,
> > 
> > The prototypejs script has been found to be vulnerable to a couple
> > security issues [0],[1].  This script is embedded in about 32 other
> > packages and I would like to file bugs against all of those that are
> > affected. Since this would probably be considered a mass filing, I am
> > running it past -devel first.
> > (…)
> Just for the record, I agree with your mass filing (which is not
> massive anyway). 
> However, I'd also suggest your bugs (and as a matter of general
> policy) should invite said maintainers to depend on libjs-prototype
> and symlink it instead of shipping the package's own versions, except
> if there is a _real_ need to do so (i.e. upstream-modified versions of
> prototype or dependance on specific API versions). 

I think I'll have this covered.  As I mentioned in the original
message, I am submitting two bugs for each package.  The second bug is
a request for the maintainer to link to the system prototypejs, which is
the source package for libjs-prototype.


Reply to: