On Fri, Mar 01, 2013 at 04:08:18PM -0800, Russ Allbery wrote:
> At this point in the release process, I really think upgrading with
> _FORTIFY_SOURCE disabled is the correct fix. Just increasing a buffer
> size is usually not a good idea; that's the sort of change that can paper
> over a deeper problem without actually solving it, just temporarily hiding
> it. At the least, I think it would require more testing than we would be
> able to do at this point.
>
> My recommendation is to apply the change suggested in the bug log to
> disable _FORTIFY_SOURCE for the wheezy release, and then, post-wheezy,
> upload the package with _FORTIFY_SOURCE enabled and possibly with the
> buffer size increased (maybe after discussion with upstream).
I agree, pd isn't security-sensitive anyway.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
