Re: security fix dependency
On Thu, Jul 29, 2004 at 11:41:37PM +0200, Laszlo 'GCS' Boszormenyi wrote:
> I have a seemingly stupid question. Say I am not a DD yet, and has a
> security bug in a package I help maintaining. Upstream fixed it, so the
> package is ready, but upstream requires new library version from a
> dependency than the current Debian version. Asked the library maintainer
> recently to upgrade his package, but no answer yet. As the lib is small,
> and it's new upstream version contains only bugfixes, I have packaged
> it, based on the original maintainer's package. My questions:
> - would it be wise to upload the lib to a delayed queue and note the
> maintainer or not?
> - how should I change the version numbering? If I use the new upstream
> version, then lintian correctly see that as I am not in the Uploaders
> field, the packaging is an NMU but with wrong version number...
If the package is in stable, you must take specific actions:
http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security
--
- mdz
Reply to: