[meego-packaging] [meego-commits] 16884: Changes to Trunk:Testing/libtiff
Ryan Ware
ware at linux.intel.com
Mon Apr 25 12:45:49 PDT 2011
On Mon, Apr 25, 2011 at 12:12 PM, Arjan van de Ven
<arjan at linux.intel.com> wrote:
> On 4/25/2011 11:36 AM, Ryan Ware wrote:
>>
>>
>> On Sun, Apr 24, 2011 at 8:08 PM, Arjan van de Ven <arjan at linux.intel.com
>> <mailto:arjan at linux.intel.com>> wrote:
>>
>> On 4/24/2011 7:18 PM, bwang wrote:
>>
>> changes files:
>> --------------
>> --- libtiff.changes
>> +++ libtiff.changes
>> @@ -0,0 +1,3 @@
>> +* Fri Apr 22 2011 Bintian Wang<bintian.wang at windriver.com
>> <mailto:bintian.wang at windriver.com>> - 3.9.5
>> +- Update to version 3.9.5 based on BMC#15056.
>>
>>
>> this is not an appropriate changelog entry.... this does not say
>> why you're updating!
>> (and frankly, the OS is frozen/change controlled so version
>> updates like this better be well justified)
>>
>>
>> I agree the changelog is not sufficiently descriptive on the changes made.
>> It needs to detail all of the changes.
>>
>> oh and your bug is not readable by anyone it seems.
>>
>>
>> It's a security bug. However, to be clear, even security bugs need to
>> follow the change control procedures in place on trunk now.
>
> and fixes to a security bug can be a PATCH... instead of a full version
> rebase.
>
Looking at the 3.9.5 release notes here
(http://www.remotesensing.org/libtiff/v3.9.5.html) it looks like there
were some significant changes outside of just the security fix. Given
where we are in the development cycle, we should not upgrade wholesale
from 3.9.4 to 3.9.5. Please incorporate the specific security patch
to fix BMC#15056 instead of upgrading.
Ryan
More information about the MeeGo-packaging
mailing list