Re: freeze exception: lynx-cur 2.8.8dev5-1

[Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>]

Hi,

On Thu, 26 Aug 2010 16:10:22 +0100, Neil McGovern wrote:

> I'm slightly disturbed by the comment that you don't feel you need to
> understand the code in the packages you maintain. This is fairly
> fundamental to package management.

If necessary I could contact an upstream, i.e. lynx-dev ML 
about code, so I don't think it is indispensable to understand
real code.

> Have you talked to the security team about this bug at all?

The security team filed this bug and the upstream replied to it
and released a fixed version. So I packaged it. 
I followed a request from the security team "please also make 
sure to include the CVE id in your changelog entry."
I believe it is a very very simple story, in fact.
Then I don't understand what I should talk to the security team.

You mean you don't trust a fix of the upstream?

And, sorry but, I don't understand if these questions are 
necessary for you to judge if you can add a freeze exception 
for lynx-cur or not.

Best regards,				2010-8-27(Fri)

-- 
 Debian Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima