On Thu, Jul 29, 2004 at 11:41:37PM +0200, Laszlo 'GCS' Boszormenyi wrote: > I have a seemingly stupid question. Say I am not a DD yet, and has a > security bug in a package I help maintaining. Upstream fixed it, so the > package is ready, but upstream requires new library version from a > dependency than the current Debian version. Asked the library maintainer > recently to upgrade his package, but no answer yet. As the lib is small, > and it's new upstream version contains only bugfixes, I have packaged > it, based on the original maintainer's package. My questions: > - would it be wise to upload the lib to a delayed queue and note the > maintainer or not? > - how should I change the version numbering? If I use the new upstream > version, then lintian correctly see that as I am not in the Uploaders > field, the packaging is an NMU but with wrong version number...
If the package is in stable, you must take specific actions: http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
