On Sat, 5 Oct 2013 11:41:55 +0200 Francesco Poli wrote: [...] > I waited some time before speaking again, as I was hoping to see some > comments from other people, possibly members of the release team. > > Anyway, do I understand correctly that this issue has currently a > practical impact only on boxes where non-packaged (== not included in > Debian) programs or libraries which use libgpgme-pth.so or libgpgme+ > +-pth.so are installed? > Could you please confirm this? > > Please do not misunderstand me: I am not trying to argue about the > severity of the bug (whether it is a Policy violation or not, and so > forth...). > I am just trying to clarify which users should avoid upgrading > libgpgme11 because of this issue and which users may safely upgrade > without worrying to break their systems. > > Please let me know. > Thanks for your time. Does anyone have anything to say about this? Please clarify. Thanks for any insight you may share. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgpExzHJZPifG.pgp
Description: PGP signature