On Tue, 24 Oct 2000, Miquel van Smoorenburg wrote: > It appears to be a normal thing that security NMUs are done without > waiting for a reply from the real maintainer of a package. Oh well.
This is pretty normal, but necessary in a way, unfortunately. I guess the need to have a fix before the problem goes very public is a big motivating factor. I linger on the security list for announcements just in case one of my packages is involved. > I'd probably have packaged the same packages, since there were no > real changes from ypbind-mt-3.6 to ypbind-mt-3.7 - only some cosmetic > fixes and ofcourse the security hole was plugged. Nothing that seems > related to what you are experiencing. Any chance that someone could send me a diff between the two? I can at least look over the changes to see if there's something obvious that could cause a problem on a 64-bit machine. > The only way this can be fixed is if someone with an Alpha is able > to reproduce, debug and fix this, I'm afraid... the package works > fine on i386 (except for the broken Depends: line in the woody version) I wish I had NIS set up here, but I don't :-( I can only do a code review of it since I can't debug it otherwise (unless someone can give me simple directions on setting up a very temporary NIS testing environment). C
