[Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)
corsac at debian.org
Sun Jan 20 09:44:22 UTC 2013
On Sun, 2013-01-20 at 10:40 +0100, Daniel Pocock wrote:
> In practice, people do stuff like this every day, but usually when
> compiling for a single platform where they can see the results
> themselves. I just don't know if there is some more pedantic approach
> to managing this type of risk for updates to stable and would appreciate
> feedback on that, however...
Well, if a one-liner patch is not applied because of autotools, we really
have a problem. And indeed, by only including the one-liner patch, we
make sure nothing else changed in Squeeze, since the buildds still run
the same compiler versions that were used before.
> Minimal change would mean exactly what I described: not producing any
> new binary packages for ganglia-monitor.deb, gmetad.deb, etc. We would
> only release the ganglia-web.deb binary package.
We're not interested in binary packages in Debian but you're indeed free
to do that kind of QA work upstream.