> I don't know what Dapper's security policy is, so I can't be specific, > but wouldn't a potential remote exploit pretty much automatically > qualify for a backport?
A backport requires that the source package builds without modification on dapper. If that's not the case, a fixed package will ned to be uploaded to -security. > (And isn't the point of all this malone complexity to handle the > distinction between dapper and edgy, so that opening another bug is not > necessary to get it fixed in two versions?) Yes, a dapper-backports task on this bug is enough. -- security hole in 2.0.2/2.0.3 https://launchpad.net/bugs/35528 -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
