On 2014-08-02 17:43, Axel Beckert wrote:
> Hi David,
>
> David Kalnischkies wrote:
> > [...]
> > It is also a remark on how people think they have installed a
> > security fix by installing pkgA, while the fix is actually in
> > libobscureA…
>
> O.o While I can imagine that people don't exactly know in which
> dependency the actual issue is located, I can't believe that people
> really try to fix issues that way.

While it's not precisely equivalent, there's a reason that openssl DSAs
now include the text "It's important that you upgrade the libssl1.0.0
package and not just the openssl package".

Regards,
Adam