On Sat, 2013-04-27 at 09:12 +0200, Vincent Bernat wrote: > ❦ 27 avril 2013 09:01 CEST, "Thijs Kinkhorst" <[email protected]> : > > >> Wheezy contains my package jquery-jplayer 2.1.0-1, which is affected by a > >> few security issues which have been recently fixed upstream. One of the > >> issues is CVE-2013-1942. Two other issues, although important, did not get > >> a CVE number. [...] > > * Convert to source format 3.0 (quilt) to apply the patches that carry the > > fixes [...] > Not in the release team either but I disagree that switching to 3.0 > (quilt) is an unacceptable change. This is far more simple than adding a > patch system in debian/rules and better practice than putting those > changes in diff.gz.
Adding a patch system at this stage isn't really appropriate either, I'm afraid. One middle ground that's been used in some other packages is to apply the patch directly but also add a copy of the patch to the source package (possibly in an otherwise unused debian/patches directory). Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
