On Mon, 19 Oct 2009 10:52:18 -0500, Gunnar Wolf wrote: > Michael S Gilbert dijo [Sun, Oct 18, 2009 at 08:43:35PM -0400]: > > Hi, > > > > The prototypejs script has been found to be vulnerable to a couple > > security issues [0],[1]. This script is embedded in about 32 other > > packages and I would like to file bugs against all of those that are > > affected. Since this would probably be considered a mass filing, I am > > running it past -devel first. > > (…) > > Just for the record, I agree with your mass filing (which is not > massive anyway). > > However, I'd also suggest your bugs (and as a matter of general > policy) should invite said maintainers to depend on libjs-prototype > and symlink it instead of shipping the package's own versions, except > if there is a _real_ need to do so (i.e. upstream-modified versions of > prototype or dependance on specific API versions).
I think I'll have this covered. As I mentioned in the original message, I am submitting two bugs for each package. The second bug is a request for the maintainer to link to the system prototypejs, which is the source package for libjs-prototype. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
