On Mon, Feb 23, 2009 at 04:37:29PM +0100, Thijs Kinkhorst wrote:
> As I understand it, these files are not usually executed directly, but do 
> serve as templates for scripts that are executed, so someone could edit their 
> content and hope that an administrator copies the script without noticing the 
> change. That seems reason enough for me for a stable security update.

Yes, they are copied by 'git init', and need to be activated manually
through chmod +x by the repository owner.

> We need a sourceful update to prevent the problem from reappearing if someone 
> rebuilds the package themselves or a subsequent security upload is made. Your 
> patch seems fine. The issue also affects oldstable.

> Gerrit, it would be great if you could provide updated packages for 
> stable-security and oldstable-security. Please upload them to 
> security-master, and make sure you build with full source ("-sa") at least 
> for the stable-security one.

Ok.  I do not yet understand why we need a sourceful upload.  Doesn't this
require bumping the upstream version (version of the orig.tar.gz)?  And
if so, why is this necessary?

Regards, Gerrit.


