On Tuesday 26 August 2008 03:21:46 Nico Golde wrote: > why did you remove it instead of just fixing it? Now people > who already installed this stay vulnerable which I don't > really consider to be good.
I'm not sure what you mean: removing and fixing an unused script have precisely the same the same effect. Just in case there is confusion, the sng package was not removed. What was remove was an unused, obsolete, buggy development script that erroneously installed. As stated in the changelog: "removing sng_regress because it's useless for users, and now has a security bug filed against it." It was a mistake to ever include it in the package in the first place, so removing it is the right course of action here. If you (or anyone else) would like to submit a patch to fix sng_regress, I will be happy to apply the patch in the source package, but I don't plan to including sng_regress as a binary in the sng package. -- Wesley J. Landaker <[EMAIL PROTECTED]> <xmpp:[EMAIL PROTECTED]> OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
signature.asc
Description: This is a digitally signed message part.
