[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: TPU for slim

2009/7/22 Nico Golde <debian-release+ml@ngolde.de>:
> Hi,
> * Mike Massonnet <mmassonnet@gmail.com> [2009-07-22 16:36]:
>> 2009/7/22 Nico Golde <debian-release+ml@ngolde.de>:
>> > I'd vote for removing it completely with my security team
>> > hat on. Regarding just this bug it should work to fix this
>> > with:
>> > screenshot_cmd      scrot $(mktemp -d /tmp/scrot_slim.XXXXXX)/scrot.jpg
>> >
>> > as this is passed to system(), I didn't test this though.
>> What does this mean for the state of the package version in lenny? Do
>> you or not consider to remove it?
> For lenny this is no option as vulnerable installations
> would stay vulnerable.

Afaict, a change on a configuration file would need the users approval
with the possibility to see a diff, but if the installed configuration
is untouched by the user, it would be replaced by the new version. If
that is correct, migth the decision be reconsidered?

>> Except the screenshot command I haven't been noticed of anything else.
> What do you mean? What about #529306 and #536542?

Right, by proposing this update I originaly thought about proposing
the debdiff for the xauth change after this inclusion. The debdiff is
still available, I could propose a new debdiff and include the change
that I proposed here.


>> And what does it  mean for the state of the package
>> version in sid? Is the new version considered to
>> be left out from the debian archive?
> I'd remove slim completely from unstable.

Doh, that had made me free of any debian tasks actually. Too bad, and
not to count the wasted time for this in the end. By saying you had
remove the package, you also ment it for 1.3.1, right?

I see qingy is packaged, it would be a good replacement...

> Cheers
> Nico


Reply to: