On Mon, Apr 25, 2011 at 12:12 PM, Arjan van de Ven <[email protected]> wrote: > On 4/25/2011 11:36 AM, Ryan Ware wrote: >> >> >> On Sun, Apr 24, 2011 at 8:08 PM, Arjan van de Ven <[email protected] >> <mailto:[email protected]>> wrote: >> >> On 4/24/2011 7:18 PM, bwang wrote: >> >> changes files: >> -------------- >> --- libtiff.changes >> +++ libtiff.changes >> @@ -0,0 +1,3 @@ >> +* Fri Apr 22 2011 Bintian Wang<[email protected] >> <mailto:[email protected]>> - 3.9.5 >> +- Update to version 3.9.5 based on BMC#15056. >> >> >> this is not an appropriate changelog entry.... this does not say >> why you're updating! >> (and frankly, the OS is frozen/change controlled so version >> updates like this better be well justified) >> >> >> I agree the changelog is not sufficiently descriptive on the changes made. >> It needs to detail all of the changes. >> >> oh and your bug is not readable by anyone it seems. >> >> >> It's a security bug. However, to be clear, even security bugs need to >> follow the change control procedures in place on trunk now. > > and fixes to a security bug can be a PATCH... instead of a full version > rebase. >
Looking at the 3.9.5 release notes here (http://www.remotesensing.org/libtiff/v3.9.5.html) it looks like there were some significant changes outside of just the security fix. Given where we are in the development cycle, we should not upgrade wholesale from 3.9.4 to 3.9.5. Please incorporate the specific security patch to fix BMC#15056 instead of upgrading. Ryan _______________________________________________ MeeGo-packaging mailing list [email protected] http://lists.meego.com/listinfo/meego-packaging
