On Tue, 8 Dec 2009 10:50:23 -0500, Michael Gilbert wrote: > On Mon, 7 Dec 2009 23:16:05 +0000, Moritz Muehlenhoff wrote: > > Modified: data/embedded-code-copies > > =================================================================== > > --- data/embedded-code-copies 2009-12-07 23:07:04 UTC (rev 13485) > > +++ data/embedded-code-copies 2009-12-07 23:16:05 UTC (rev 13486) > > @@ -1523,7 +1523,8 @@ > > - courier-authlib <unfixed> (embed) > > - cvsnt <unfixed> (embed) > > - dico <unfixed> (embed) > > - - freeradius <unfixed> (embed) > > + - freeradius 0.1+20010527-1 (embed) > > + NOTE: Earliest reference I could find from the changelog is from > > 27 May 2001 > > there was previous discussion that checking against changelog entries > was insufficient [0]. has this direction changed? if so, i could have > avoided submitting a lot of these libtool bugs by simply checking that > the package depends on libltdl and has a changelog entry saying that is > the case, but i don't think that would have been considered sufficient. > > i am expecting maintainers to actually double-check their linking > process to verify that they are not pulling in the embedded code. is > that asking too much?
reference: [0] http://lists.alioth.debian.org/pipermail/secure-testing-team/2009-May/002394.html mike _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
