[Debian-med-packaging] Bug#489678: tree-puzzle: Uses a local copy of libsprng.

Moritz Muehlenhoff jmm at inutil.org
Mon Jul 7 11:40:57 UTC 2008


[This message has also been posted to gmane.linux.debian.devel.security.]
Charles Plessy <plessy at debian.org> wrote:
> tree-puzzle in Debian is built against a local copy of the SPRNG
> library, and this is against best pactices and recommendations of the
> security team. However, tree-puzzle uses version 1 and Debian provides
> version 2. So close to the freeze, I do not know if it is wise to make a
> change now.

I've added it to our tracker, so that we can evaluate tree-puzzle if a security
issue should be found in sprng. Please drop us a line if you link tree-puzzle
dynamically after Lenny release.

Cheers,
        Moritz





More information about the Debian-med-packaging mailing list