[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2016-6131 binutils, gdb, valgrind etc.



On Thu, Jul 07, 2016 at 10:36:49AM +0200, Santiago Ruano Rincón wrote:
> After talking with Salvatore and Guido, we plan to discuss about the
> no-dsa meaning for oldstable during BoF tomorrow. One of the reasons
> for tagging no-dsa minor issues is to handle them via point-releases.
> Since we don't have this in LTS, "minor" issues like those in binutils
> and co, should be handled/fixed earlier in oldstable.
>
> So, if we have safe fixes, there is no reason to don't release them.

I think it's worth considering to implement a point update mechanism for
LTS as well. A constant stream of non-critical updates imposes additional
work on the people deploying the updates after all (instead of bundling
that every few months for a complete point update en bloc).

Cheers,
        Moritz


Reply to: