On Fri, Dec 08, 2006 at 10:32:50PM +0100, Mike Hommey wrote: > How does the security team feel about having to rebuild iceape, > iceweasel, icedove (you forgot to file a bug on icedove), OOo and enchant > if there happens to be a security bug in hunspell ? In general having multiple packages needing a rebuild for a single security fix is a problem, and not something we'd like to have to deal with. (For a specific example think of the pdf/gs updates we had to make earlier in the year/last year. Lots of different programs with very similar code which didn't always get spotted at the same time.) A more recent example would be the links + elinks updates. Links was updated first then we updated elinks afterwards when we learnt there was shared code .. (Obvious in retrospect, but if there are a lot of packages which would require a rebuild keeping track of all of them can be difficult; especially if we don't know about it in advance.) Steve --
Attachment:
signature.asc
Description: Digital signature