[Pkg-zope-developers] Re: zope2.7 security fix (bug 334055 )
Martin Schulze
joey at infodrom.org
Mon Nov 21 09:11:11 UTC 2005
A Mennucc wrote:
> maybe it would be wise to allow source only uploads for security,
> so that people on security at d.o may receive the proper sources
> and binaries....
Well, the *problem* is that security-master does indeed allow
source-only uploads. However, when they are transfered to the
main archive, they are rejected, hence, the updated can never
be installed in the main archive. Bummer.
It's better to drop the source or diff.gz or interdiff via mail
or file to the security team and let them handle it. This also
prevents accidential typos, backup files and arbitrary changes
to creep in and also ensures that the package is built in the
proper environment (no sarge pkg on sid and the like).
Regards,
Joey
--
If you come from outside of Finland, you live in wrong country.
-- motd of irc.funet.fi
Please always Cc to me when replying to me on the lists.
More information about the Pkg-zope-developers
mailing list