On Wed, 26 Jan 2011 14:47:52 +0100, Goswin von Brederlow wrote: > Thijs Kinkhorst <th...@debian.org> writes: > > > * Issues in specific packages > > > > We further discussed some specific problematic packages. One example is > > ia32-libs, which is difficult because it includes 100+ other source > > packages. This will be handled better for Squeeze: we'll have to ensure > > it's as up to date as possible at time of release, and will keep > > updating it in stable point updates to include newer package versions > > from the security archive (or the stable release itself). > > A while back I looked into making the detection of security bugs in > ia32-libs (which is all just code duplication of other packages) > automatic. But the config for that detection would have needed 100+ > config entries, which would ahve become verry ugly to maintain. > > Has there been any change for this?
I think it will be easier to just track the issues in the security tracker manually. I'm already tracking all of the packages in ia32-libs as embedded code copies, and I wrote a script that inserts code copy info into the CVE list automatically. Anyway, I think this can be left up to the security team. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110126114757.aab379fd.michael.s.gilb...@gmail.com
