Hi, On Thu, 26 Aug 2010 16:10:22 +0100, Neil McGovern wrote:
> I'm slightly disturbed by the comment that you don't feel you need to > understand the code in the packages you maintain. This is fairly > fundamental to package management. If necessary I could contact an upstream, i.e. lynx-dev ML about code, so I don't think it is indispensable to understand real code. > Have you talked to the security team about this bug at all? The security team filed this bug and the upstream replied to it and released a fixed version. So I packaged it. I followed a request from the security team "please also make sure to include the CVE id in your changelog entry." I believe it is a very very simple story, in fact. Then I don't understand what I should talk to the security team. You mean you don't trust a fix of the upstream? And, sorry but, I don't understand if these questions are necessary for you to judge if you can add a freeze exception for lynx-cur or not. Best regards, 2010-8-27(Fri) -- Debian Developer - much more I18N of Debian Atsuhito Kohda <kohda AT debian.org> Department of Math., Univ. of Tokushima -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100827.214956.193719333.ko...@pm.tokushima-u.ac.jp
