Re: [debian-lts] libvncserver package
Hi Raphael,
Thank you very much for uploading my work.
Did you base your work on the patches that have been released in the
wheezy update?
In fact, most of my work is based on information from this:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762745
It's not that I'm trying to take the fix from security team,
I just thought that it's better with more information from
trusted source. So I add them for further references.
Anyway, I will be careful next time.
Thanks and best regards
CongNT
On 14/04/2015 23:14, Raphael Hertzog wrote:
Hello Nguyen,
Sorry for the delay, this update fell through the cracks. Don't hesitate
to ping us when we don't respond in a timely fashion.
On Mon, 19 Jan 2015, Nguyen Cong wrote:
I would like to send debdiff of libvncserver package for reviewing.
Could any one please review it and give me some comments.
The update was mostly fine, I released it.
Did you base your work on the patches that have been released in the
wheezy update?
I wonder because the patches seem to have identical long descriptions but
have small differences in the meta-data and in one case you seem to have
bundled related hardening changes that were not included in the wheezy
update.
In general, we tend to reuse the work done by the security team when
they have already released a fixed version for stable. And when we diverge
from what they did, it's a good idea to document it in the changelog.
Cheers,
--
=====================================================================
Nguyen The Cong (Mr)
Software Engineer
Toshiba Software Development (Vietnam) Co.,Ltd
519 Kim Ma street, Ba Dinh District, Hanoi, Vietnam
tel: +84-4-2220 8801 (Ext. 208)
e-mail: cong.nguyenthe@toshiba-tsdv.com
=====================================================================
--
This mail was scanned by BitDefender
For more information please visit http://www.bitdefender.com
Reply to: