[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#401969: please build using hunspell

On Fri, Dec 08, 2006 at 10:32:50PM +0100, Mike Hommey wrote:

> How does the security team feel about having to rebuild iceape,
> iceweasel, icedove (you forgot to file a bug on icedove), OOo and enchant
> if there happens to be a security bug in hunspell ?

  In general having multiple packages needing a rebuild for a
 single security fix is a problem, and not something we'd like
 to have to deal with.

  (For a specific example think of the pdf/gs updates we had to
 make earlier in the year/last year.  Lots of different programs
 with very similar code which didn't always get spotted at the
 same time.)

  A more recent example would be the links + elinks updates.  Links
 was updated first then we updated elinks afterwards when we learnt
 there was shared code ..  (Obvious in retrospect, but if there are
 a lot of packages which would require a rebuild keeping track of
 all of them can be difficult; especially if we don't know about it
 in advance.)


Attachment: signature.asc
Description: Digital signature

Reply to: