Re: Addressing the recent zlib issue
* Mark Brown:
> On Tue, Jul 12, 2005 at 06:40:55PM +0200, Florian Weimer wrote:
>
>> operations. Unfortunately, we have to check all architectures
>> individually because spurious buildd configuration changes might
>> trigger static linking of zlib.
>
> Yes, although the main issue is likely to be people shipping a separate
> copy of the source.
Only by looking at the binary, you can tell if the copy which is
contained in the source tarball is actually used.
By the way, I was able to halve the total number of signatures because
they turned out to be endian-independent. I should have been worried
that the big-endian signature triggers on my x86 system. 8-)
(Clamav seems to report the first matching signature only.)
Reply to: