I am curious if there is a policy or best practice for how to handle a
package update containing both a regression fix and also a fix for a new
vulnerability.
If such a thing is not advisable or permissible, then is it best to
handle the regression as one update and then follow-up with the new
vul
Hi Roberto
Others may have a different opinion but I do not see a big problem with
that.
Make a regular DLA with a note that it also contained a regression fix.
Alternatively we issue two DLAs referring to the same software version.
I do not know which approach is the best, but I think both work.
