Hello, throwing in my two cents:
* Ben Pfaff wrote on Tue, Jan 12, 2010 at 06:23:32PM CET: > Eric Blake writes: > > > Meanwhile, based on the recent security hole in older automake, > > should we bite the bullet and require automake 1.10.3 or better > > (which in turn bumps the minimum autoconf requirement from 2.59 > > up to 2.60)? > > Debian stable has Automake 1.10.1. In my opinion it would be sad > to exclude that version, if it's possible to allow it. More to the point, I don't think you should exclude any Automake version due to a security bug based on version number alone. They can all be patched quite trivially (patches exist in the git branches), and I expect that distributors do that instead of moving lots of code bases to newer Automake. Or, let's say, I hope they do something. ;-) Cheers, Ralf PS: we could write a feature test, disallowing broken Automake ...
