Re: freeze exception: lynx-cur 2.8.8dev5-1
Hi,
On Thu, 26 Aug 2010 16:10:22 +0100, Neil McGovern wrote:
> I'm slightly disturbed by the comment that you don't feel you need to
> understand the code in the packages you maintain. This is fairly
> fundamental to package management.
If necessary I could contact an upstream, i.e. lynx-dev ML
about code, so I don't think it is indispensable to understand
real code.
> Have you talked to the security team about this bug at all?
The security team filed this bug and the upstream replied to it
and released a fixed version. So I packaged it.
I followed a request from the security team "please also make
sure to include the CVE id in your changelog entry."
I believe it is a very very simple story, in fact.
Then I don't understand what I should talk to the security team.
You mean you don't trust a fix of the upstream?
And, sorry but, I don't understand if these questions are
necessary for you to judge if you can add a freeze exception
for lynx-cur or not.
Best regards, 2010-8-27(Fri)
--
Debian Developer - much more I18N of Debian
Atsuhito Kohda <kohda AT debian.org>
Department of Math., Univ. of Tokushima
Reply to: