On Mon, Apr 05, 2010 at 12:52:39PM +0200, Michael Tautschnig wrote:
> [...]
>
> >
> > I would proceed in this way:
> > bsh: add bsh-src binary creation
> > jedit:
> > - remove Debian bsh sources (added to the rejected package [2])
> > - add bsh-src as builddep
>
> I think if you do a versioned builddep (exact version) then at the very latest
> an archive rebuild will ensure that jedit gets fixed after a security upload.
> Unless, of course, the security team does rdep checks anyway.
>
> > - apply jedit patch and build against patched bsh.
> > - switch to "public" package like bsh so if someone wanted to
> >   write a reflection/AOP patch, it would easily be done without asking.
> >
> > Would it be rejected again?
> >
>
> That now seems to be the security team's decision.

bsh code copies don't strike me as a security-relevant overhead, personally
I don't have any objections.

Cheers,
Moritz