On Tue, Mar 21, 2006 at 01:15:42PM +0100, Pierre M. wrote:
> Package: nvu
> Version: 1.0-1
> Followup-For: Bug #306822

> Hello, shouldn't 306822 be reclosed?
> According to p.qa.d.org/n/nvu.html there is no more mips/mipsel problem.
> That would be cool to have this wysiwyg tool in Etch.
> Isn't it time to reclose that RC bug so that Nvu can enter Etch?

This bug was reported as a security bug due to its use of an internal copy of mozilla when building. nvu is still *not* built on mips/mipsel; instead, the old binaries have been removed -- however, as mozilla itself builds just fine on Debian, it appears that nvu still includes a private copy of mozilla and uses it during the build.

With no information about what version of mozilla this is, it's impossible to say whether the *known* security bugs are fixed; but either way, including a private copy of mozilla in the build that's fixed for the *current* set of bugs will still be a problem for the security team when *new* security bugs are found.

So the optimal fix here is for nvu to not require a copy of mozilla in its source tree. As a lesser option, thoroughly documenting which version of mozilla nvu is using may be acceptable; if such documentation exists today, it wasn't mentioned in the changelog entry that closed this bug.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/