BLFS Trac wrote: > #2697: Imlib2-1.4.2 and BLFS-6.3. > -------------------------------------+-------------------------------------- > Reporter: a...@… | Owner: blfs-b...@… > > Type: task | Status: new > > Priority: high | Milestone: 6.4 > > Component: BOOK | Version: SVN > > Severity: major | Keywords: > > -------------------------------------+-------------------------------------- > > Comment(by a...@…): > > Replying to [comment:1 bdu...@…]: > > Just post the proposed wording, and we can get this into the errata very > quickly. > > I think it's not matter of wording but it's a matter what is the best > thing to do, so I really don't know, since even if we say to upgrade to > 1.4.1 or to 1.4.2 or apply the patch from gentoo, we'll end up with a > vulnerable package. > > So we have four choices (in my mind), but all of them ugly (more or less): > > a) Ignore the issue > > b) Upgrade to the 1.4.2 to the development book with the applied patch and > simply say to follow the instructions from the development version of the > book > > c) concatenate the two patches and then point to it (in errata) with a > note to apply it (it might have side effects) > > d) (and a similar but more safe but even more uglier) roll a patch with > all the changes to the source code since 1.4.0 > > In my opinion a better option is to release a point release with all the > changes (the current and the one from #2687), but this needs conversation > first, but if I had to choose by those four it would be the second one.
I agree that we should do the 2nd as soon as it gets updated in -dev. -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
