According to Simon Josefsson on 2/22/2010 1:15 AM:
> Gnulib's DEPENDENCIES says automake 1.9.6 is fine. I think Bruno's
> workaround is better than incrementing the required minimum version, if
> this problem is the only reason why automake > 1.9.6 would be required
> by gnulib.

Yes, I approve of Bruno's patch, since there are some distros that have provided a patched automake 1.9.x that works around the security vulnerability. But my point still remains - if you release a package that was autotooled using unpatched automake 1.9.6, you have put yourself and your downstream users at the risk of the security flaw injected into your package by the insecure automake. So it is still worth considering upgrading to a fixed automake, whether or not gnulib can work around the older automake.

--
Don't work too hard, make some time for fun as well!

Eric Blake e...@byu.net