
Re: Proposed mass prototypejs bug filing for multiple security issues



On Mon, 19 Oct 2009 10:52:18 -0500, Gunnar Wolf wrote:
> Michael S Gilbert wrote [Sun, Oct 18, 2009 at 08:43:35PM -0400]:
> > Hi,
> > 
> > The prototypejs script has been found to be vulnerable to a couple
> > security issues [0],[1].  This script is embedded in about 32 other
> > packages and I would like to file bugs against all of those that are
> > affected. Since this would probably be considered a mass filing, I am
> > running it past -devel first.
> > (…)
> 
> Just for the record, I agree with your mass filing (which is not
> massive anyway). 
> 
> However, I'd also suggest your bugs (and as a matter of general
> policy) should invite said maintainers to depend on libjs-prototype
> and symlink it instead of shipping the package's own versions, except
> if there is a _real_ need to do so (i.e. upstream-modified versions of
> prototype or dependence on specific API versions).

I think I'll have this covered.  As I mentioned in the original
message, I am submitting two bugs for each package.  The second bug is
a request for the maintainer to link to the system prototypejs, which is
the source package for libjs-prototype.

Mike

