
Re: ruby-loofah 2.0.3-2 (stretch) update (CVE-2018-8048)


On Sat, Mar 24, 2018 at 04:41:17PM +0100, Georg Faerber wrote:

> Some notes (doing this for the first time..):
> - AFAIK, the delta should be kept as small as possible, that's why I
>   didn't add a description for the patch.

It is better to add a DEP-3 header anyway. The size of the patch refers
only to the size of the actual code change, not to metadata, which could
help the security team, and maybe us later, by centralizing in one place
the description, links to upstream and Debian bug, and to the origin of
the patch.

The upstream commit contains tests for this security issue. I think you
should add this part too in your patch. You'll have a way to be (more)
convinced that the fix indeed works.

> - I've closed the bug targeted at unstable via the changelog, again. Not
>   sure if this is the correct way? I've used this approach to keep all
>   information in one place, which is a good thing, IMHO.

It is the correct way.


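The following is an added example, not part of the original message and not Debian tooling: a small Python check for the DEP-3 header fields the reply mentions (description, origin, bug links). The sample patch, its placeholder values and the function names are constructed for illustration, and the header parsing is a simplified reading of DEP-3.

```python
import re

# Constructed sample: a quilt patch whose header has a description and a
# bug link but no Origin field. All values are placeholders.
SAMPLE_PATCH = """\
Description: Placeholder summary of the security fix
 Longer explanation continues on indented lines.
Bug-Debian: https://bugs.debian.org/NNNNNN
---
--- a/lib/example.rb
+++ b/lib/example.rb
@@ -1,1 +1,1 @@
-old
+new
"""

FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z-]*):\s*(.*)$")

def parse_dep3_header(patch_text):
    """Return {lowercased field name: value} for the header before the diff."""
    fields, current = {}, None
    for line in patch_text.splitlines():
        if line.startswith(("---", "diff ", "Index: ")):
            break  # "---" separator or start of the diff ends the header
        m = FIELD_RE.match(line)
        if m:
            current = m.group(1).lower()
            fields[current] = m.group(2)
        elif line.startswith(" ") and current:
            fields[current] += "\n" + line.strip()  # continuation line
        else:
            current = None  # blank line or free-form comment
    return fields

def check_dep3(patch_text):
    """List the points a reviewer would raise about the patch header."""
    f = parse_dep3_header(patch_text)
    problems = []
    if not ({"description", "subject"} & f.keys()):
        problems.append("missing Description/Subject")
    if not ({"origin", "author", "from"} & f.keys()):
        problems.append("missing Origin (or Author/From)")
    # Bug fields are optional in DEP-3; flagged because the reply asks for them.
    if not any(k == "bug" or k.startswith("bug-") for k in f):
        problems.append("no Bug/Bug-<Vendor> link")
    return problems
```
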