-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2013-03-03 14:26, Moritz Muehlenhoff wrote: > On Fri, Mar 01, 2013 at 04:08:18PM -0800, Russ Allbery wrote: >> At this point in the release process, I really think upgrading >> with _FORTIFY_SOURCE disabled is the correct fix. Just >> increasing a buffer size is usually not a good idea; that's the >> sort of change that can paper over a deeper problem without >> actually solving it, just temporarily hiding it. At the least, I >> think it would require more testing than we would be able to do >> at this point. >> >> My recommendation is to apply the change suggested in the bug log >> to disable _FORTIFY_SOURCE for the wheezy release, and then, >> post-wheezy, upload the package with _FORTIFY_SOURCE enabled and >> possibly with the buffer size increased (maybe after discussion >> with upstream). > > I agree, pd isn't security-sensitive anyway.
ok. so i updated the git for the package[1] accordingly. >> Does that sound like the right move? Would it be helpful for >> someone to assist with an NMU? since i'm not in the position of uploading the package myself, i'd like to kindly ask one of you DMs (alessio, paul?) to help me out here. fgmasdr IOhannes [1] git+ssh://git.debian.org/git/collab-maint/puredata -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlE01r4ACgkQkX2Xpv6ydvR5fgCfa0QyRHWFpym8qX/f+fbnF0aj G34AoNf//u+mirkVXFW02qKQcb1y1omd =TT8f -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
