On Mon, 2010-10-11 at 10:40 -0400, Michael Gilbert wrote: > The problem here appears to be the jump to the new upstream version > (1.8.2 to 1.8.13), which has a different dependency set. New > upstreams are usually disallowed in security uploads. The question > is why was that OK in this case, rather than the standard backporting > approach?
Perhaps there was more to this "security problem" than they're telling us? Something we would need to figure out by checking upstream? The only way to find out for sure is if we forward this thread to the package maintainer and ask him to speak out about what is going on. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1286808364.18776.1.ca...@envygeeks
