I agree that letting my package hold back a security update would be a bad thing, and this would happen with a strict versioned dependency. I don't see any way to avoid this, so I propose that I don't make the dependency so strict.
As you say, this has the potential to break should the API change, but this is unlikely in a stable release (as the security fix would be backported). I think that's the best that could be managed save for upstream declaring the API stable. -- Please add a samba-dev package https://bugs.launchpad.net/bugs/302004 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
