Hi Moritz! Am Dienstag, den 08.12.2009, 20:35 +0100 schrieb Moritz Muehlenhoff: > You should rather use the copy of libltdl currently in the > archive or is there a technical reason, which prevents this?
I'm aware of that and discussed it with upstream. They said it would require quite some changes to the build system, since they decided to use a copy of libtool for technical and practical reasons and only support that. I of course might be able to hack support for using the system libtool into it but I thought fixing security issues in a timely manner is generally prefered, especially if the issue is that simple to fix. Also, I do not quite understand how using Debian's libtool would help, as it seems vulnerable as well and is not fixed yet. If I misunderstood the situation, please correct me. Don't get me wrong: I really appreciate the work the security team does and I wanted to help you by fixing the issue ASAP. If this was wrong, I apologize! The solution as is should be seen as an interim solution. I will try to make Open MPI use libtool, though this is something I can't see to happen in a reasonable time frame at the moment. Leaving RC bugs open for weeks does not help anyone, so I fixed the issue the way I did, by patching the local copy. If this is not an acceptable solution, please reopen. I just had good intentions, and am open to criticism and discussion, and willed to learn. Also, please clarify on the state in etch and lenny. We did not build static libs, so no .la files there. This version of libtool is not used outside of MPI. Am I supposed to fix those packages as well as users might modify debian/rules and build static binaries? I did assume this not to be the case, but I'm irritated now. Best regards Manuel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
