Re: binnmu's are untrackable
On Wed, 28 Oct 2009 15:58:49 -0400, Michael Gilbert wrote:
> hi all,
>
> it looks like we can't appropriately mark issues that are addressed via
> binnmu's in the tracker. see [0] where advi source is 1.6.0-14 and the
> fix is in binnmu version 1.6.0-14+b1. since there is no 1.6.0-14+b1
> source package, the issue is still tracked as unfixed even though it
> has been fixed.
>
> maybe the solution is to avoid binnmu's altogether for security issues,
> and instead always at least modify the changelog stating that it is an
> nmu addressing a security issue (even if the fix only involves
> relinking to an updated library).
>
> let me know what you think.
since i didn't get any feedback on this question, can i conclude that my
suggestion is ok? if there is no disagreement, i will update the
tracker documentation to indicate that binnmu's are strongly discouraged
for security updates.
mike
Reply to: