> This one time, at band camp, Michael Tautschnig said:
> > > OMG, I forgot about the missing { } -- I guess we should ask the security
> > > team
> > > to wait for another upload fixing this? I can do it, but would like to
> > > get your
> > > ok.
> > >
> >
> > Well, that is a bug indeed, but the cli_filecopy function (which contains
> > that
> > code) is never actually called!? So, should we fix it or not?
>
> Hmm, how odd. It appears you're right. I'd say it's probably better to
> make the first patch correct, but it seems a lot less important if it's
> in an unreachable code path.
>
> I'll leave it up to you guys and the security team whether or not it's
> worth fixing. The technical part is trivial - it's both an obvious bug
> and an easy fix, but I don't want to force the security team to review
> more than we already ask them to.
> I took the liberty not include that in etch16 but instead already started preparing etch17 in git. I've loaded security team with work too much already for today :-) Best, Michael
pgpiipM2keGe3.pgp
Description: PGP signature
_______________________________________________ Pkg-clamav-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
