Le Wed, Feb 29, 2012 at 10:52:10PM +0100, Moritz Muehlenhoff a écrit : > -----BEGIN PGP SIGNED MESSAGE----- > > Since it will be almost impossible to convert all packages before > Wheezy freezes, a specific sub-group of packages receives targeted > attention: > > * All packages, which have had a DSA since 2006 > * All packages, which are of Priority >= important
Dear Moritz and everybody, we are starting to receive bugs, severity important, for packages that are not of the above, where for instance the patch consists in bumping Debhelper's compatibility level from 8 to 9. I admit that I have strictly no understanding of the consequences of not fixing these bugs in a timely manner. Severity important suggests to me that it is better to solve that bug first before doing other works such as introducing new features or updating other packages, and that there is an "important" risk for our users of being victims of attacks that can be prevented by the hardening. Perhaps people could file these bugs at a "normal" severity, if this is not the case. But my main question is the following: In another bug, the problem is that CPPFLAGS is ignored in upstream's makefile. I understand that the semantics of CFLAGS and CPPFLAGS are not the same, but I also note that a large number of our upstreams are not making the difference and use CFLAGS as a catch-all varible. Would it be possible to pass -D_FORTIFY_SOURCE=2 in CFLAGS in addition to CPPFLAGS ? Have a nice day, -- Charles Plessy Debian Med packaging team, http://www.debian.org/devel/debian-med Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120306235717.ga1...@falafel.plessy.net
