On Mon, 11 Oct 2010 09:46:04 -0500, Jordon Bedwell wrote:
> On Mon, 2010-10-11 at 10:40 -0400, Michael Gilbert wrote:
> > The problem here appears to be the jump to the new upstream version
> > (1.8.2 to 1.8.13), which has a different dependency set. New
> > upstreams are usually disallowed in security uploads. The question
> > is why was that OK in this case, rather than the standard backporting
> > approach?
>
> Perhaps there was more to this "security problem" than they're telling
> us?

I highly doubt that there is anything malicious going on here, and there is always the "Debian does not hide problems" mantra. The simplest and most likely explanation is that it was easier to update to the new upstream, rather than attempt to backport fixes for 11 separate issues.

Best wishes,
Mike