[Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)

Daniel Pocock daniel at pocock.com.au
Sun Jan 20 10:03:10 UTC 2013


On 20/01/13 10:44, Yves-Alexis Perez wrote:
> On Sun., 2013-01-20 at 10:40 +0100, Daniel Pocock wrote:
>> In practice, people do stuff like this every day, but usually
>> when compiling for a single platform where they can see the
>> results themselves.  I just don't know if there is some more
>> pedantic approach to managing this type of risk for updates to
>> stable and would appreciate feedback on that, however...
> 
> Well, if a one-liner patch is not applied because of autotools, we
> really have a problem. And indeed, by only including the one-liner
> patch, we make sure nothing else changed in Squeeze, since the
> buildds still run the same compiler version that was used before.

If that is the case, then there is no problem.

>> Minimal change would mean exactly what I described: not producing
>> any new binary packages for ganglia-monitor.deb, gmetad.deb, etc.
>> We would only release the ganglia-web.deb binary package.
> 
> We're not interested in binary packages in Debian but you're indeed
> free to do that kind of QA work upstream.

I'm not quite sure what you mean there... any package produced by
dpkg-buildpackage is, by definition, a binary package, even in the
case of ganglia-web.deb, which just contains un-compiled PHP text
files copied from the source package.


