Re: security fix dependency

To: debian-mentors@lists.debian.org
Subject: Re: security fix dependency
From: Matthew Palmer <mpalmer@debian.org>
Date: Fri, 30 Jul 2004 08:55:59 +1000
Message-id: <[🔎] 20040729225559.GA1941@hezmatt.org>
Mail-followup-to: debian-mentors@lists.debian.org
In-reply-to: <[🔎] 20040729214137.GA30231@pooh>
References: <[🔎] 20040729214137.GA30231@pooh>

On Thu, Jul 29, 2004 at 11:41:37PM +0200, Laszlo 'GCS' Boszormenyi wrote:
> Dear Mentors,
> 
>  I have a seemingly stupid question. Say I am not a DD yet, and has a
> security bug in a package I help maintaining. Upstream fixed it, so the
> package is ready, but upstream requires new library version from a
> dependency than the current Debian version. Asked the library maintainer

Backport *just* the security fix into a new Debian revision.  Upload the new
upstream version when the new version of the dependant library is ready.

If the problem is in some way related to the version of the library, then
that library possibly should have a security bug filed against it, which
would leave it open for a quick NMU if that's what's required to get it
fixed.

- Matt

Reply to:

References:
- security fix dependency
  - From: Laszlo 'GCS' Boszormenyi <gcs@lsc.hu>

Prev by Date: security fix dependency
Next by Date: Re: security fix dependency
Previous by thread: security fix dependency
Next by thread: Re: security fix dependency
Index(es):
- Date
- Thread