[Debian-med-packaging] Bug#489678: tree-puzzle: Uses a local copy of libsprng.
Andreas Tille
tillea at rki.de
Mon Jul 7 05:33:41 UTC 2008
On Mon, 7 Jul 2008, Charles Plessy wrote:
> tree-puzzle in Debian is built against a local copy of the SPRNG
> library, and this is against best pactices and recommendations of the
> security team.
Sure.
> However, tree-puzzle uses version 1 and Debian provides
> version 2. So close to the freeze, I do not know if it is wise to make a
> change now.
>
> Your feedback is most welcome.
If somebody finds some time to build a package with the Debian packaged
library instead of the local copy and we find one or two testers I would
prefer to go the clean way and remove the local copy of the library. If
there is no API change linking against the Debian packaged library should
not be that hard.
Kind regards and thanks for catching this (I admit I'm responsible for
not noticing the problem before ...)
Andreas.
--
http://fam-tille.de
More information about the Debian-med-packaging
mailing list