[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Addressing the recent zlib issue

* Mark Brown:

> On Tue, Jul 12, 2005 at 06:40:55PM +0200, Florian Weimer wrote:
>> operations.  Unfortunately, we have to check all architectures
>> individually because spurious buildd configuration changes might
>> trigger static linking of zlib.
> Yes, although the main issue is likely to be people shipping a separate
> copy of the source.

Only by looking at the binary, you can tell if the copy which is
contained in the source tarball is actually used.

By the way, I was able to halve the total number of signatures because
they turned out to be endian-independent.  I should have been worried
that the big-endian signature triggers on my x86 system. 8-)
(Clamav seems to report the first matching signature only.)

Reply to: