On Mon, 7 Dec 2009 23:16:05 +0000, Moritz Muehlenhoff wrote: > Modified: data/embedded-code-copies > =================================================================== > --- data/embedded-code-copies 2009-12-07 23:07:04 UTC (rev 13485) > +++ data/embedded-code-copies 2009-12-07 23:16:05 UTC (rev 13486) > @@ -1523,7 +1523,8 @@ > - courier-authlib <unfixed> (embed) > - cvsnt <unfixed> (embed) > - dico <unfixed> (embed) > - - freeradius <unfixed> (embed) > + - freeradius 0.1+20010527-1 (embed) > + NOTE: Earliest reference I could find from the changelog is from 27 > May 2001
there was previous discussion that checking against changelog entries was insufficient [0]. has this direction changed? if so, i could have avoided submitting a lot of these libtool bugs by simply checking that the package depends on libltdl and has a changelog entry saying that is the case, but i don't think that would have been considered sufficient. i am expecting maintainers to actually double-check their linking process to verify that they are not pulling in the embedded code. is that asking too much? mike _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
