Re: security fix dependency

To: debian-mentors@lists.debian.org
Subject: Re: security fix dependency
From: Matt Zimmerman <mdz@debian.org>
Date: Fri, 30 Jul 2004 11:10:52 -0700
Message-id: <[🔎] 20040730181052.GK4156@alcor.net>
Mail-followup-to: debian-mentors@lists.debian.org
In-reply-to: <[🔎] 20040729214137.GA30231@pooh>
References: <[🔎] 20040729214137.GA30231@pooh>

On Thu, Jul 29, 2004 at 11:41:37PM +0200, Laszlo 'GCS' Boszormenyi wrote:

>  I have a seemingly stupid question. Say I am not a DD yet, and has a
> security bug in a package I help maintaining. Upstream fixed it, so the
> package is ready, but upstream requires new library version from a
> dependency than the current Debian version. Asked the library maintainer
> recently to upgrade his package, but no answer yet. As the lib is small,
> and it's new upstream version contains only bugfixes, I have packaged
> it, based on the original maintainer's package. My questions:
> - would it be wise to upload the lib to a delayed queue and note the
>   maintainer or not?
> - how should I change the version numbering? If I use the new upstream
>   version, then lintian correctly see that as I am not in the Uploaders
>   field, the packaging is an NMU but with wrong version number...

If the package is in stable, you must take specific actions:

http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security

-- 
 - mdz

Reply to:

References:
- security fix dependency
  - From: Laszlo 'GCS' Boszormenyi <gcs@lsc.hu>

Prev by Date: Re: dpkg and a symlink that gets a directory
Next by Date: Re: dpkg and a symlink that gets a directory
Previous by thread: Re: security fix dependency
Next by thread: RFS: libmqueue - POSIX message queues library for Linux
Index(es):
- Date
- Thread