On Sun, 2012-05-06 at 22:48 +0200, Cyril Brulebois wrote: > gregor herrmann <gre...@debian.org> (06/05/2012): > > Attached is a backport of the fix for squeeze; reviews welcome. > > > > Dear security and release teams: Please advise on how to proceed; > > does s-p-u sound right for this isse? > > I'm happy to take it for s-p-u, but the merge window is supposed to > close this weekend. Given the fix looks pretty straightforward, I think > I'd take it even if that's a little late. Adam, do you concur?
It is closing this weekend, although the exact definition may depend on when I wake up tomorrow :) (given that it's a public holiday) I'm a little torn here. The fix is indeed small and straight-forward, but: > (No error handling when doing I/O? Bad. But oh well, using tempfile > makes it look better anyway.) Specifically, a loss of error handling. The original version at least let the caller gracefully handle the failure, whereas the new version is technically an API change in that the function is defined as returning undef in the case of failure and no longer does if creating the temporary file fails; I'm not sure how well the (several) r-deps in the archive will handle that. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org