El 06/07/16 a las 18:43, Bálint Réczey escribió: > Hi, > > 2016-07-06 18:22 GMT+02:00 Holger Levsen <holger@layer-acht.org>: > > On Wed, Jul 06, 2016 at 05:57:43PM +0200, Markus Koschany wrote: > >> In this specific case I wouldn't do it because of the reasons I have > >> mentioned before but more input from others is welcome. If we decide to > >> fix these issues we also need to take care of valgrind, nescc, > >> libiberty, ht, gdb, gcc-h8300-hms and binutils-h8300-hms. Otherwise it > >> would be rather inconsistent. > > > > I disagree. Perfect is the enemy of good. We have inconsistances in many > > places too. > > > > Brians work was useful and should not be lost. It's good to close > > "minor" security holes. > > I agree. Sometimes exploiting a combination of "minor" issues can be > combined to allow more severe attacks. If the fixes are safe, I think they > should be released. Hi, After talking with Salvatore and Guido, we plan to discuss about the no-dsa meaning for oldstable during BoF tomorrow. One of the reasons for tagging no-dsa minor issues is to handle them via point-releases. Since we don't have this in LTS, "minor" issues like those in binutils and co, should be handled/fixed earlier in oldstable. So, if we have safe fixes, there is no reason to don't release them. Of course, everything is issue-specific. Cheers, Santiago
Attachment:
signature.asc
Description: PGP signature