[Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)

Yves-Alexis Perez corsac at debian.org
Sun Jan 20 09:44:22 UTC 2013

On dim., 2013-01-20 at 10:40 +0100, Daniel Pocock wrote:
> In practice, people do stuff like this every day, but usually when
> compiling for a single platform where they can see the results
> themselves.  I just don't know if there is some more pedantic approach
> to managing this type of risk for updates to stable and would appreciate
> feedback on that, however...

Well, if a one-liner patch is not applied because of autotools, we really
have a problem. And indeed, by only including the one-liner patch, we
make sure nothing else changed in Squeeze, since the buildds still run
the same compiler versions that were used before.

> Minimal change would mean exactly what I described: not producing any
> new binary packages for ganglia-monitor.deb, gmetad.deb, etc.  We would
> only release the ganglia-web.deb binary package.

We're not interested in binary packages in Debian but you're indeed free
to do that kind of QA work upstream.
