The thing I find amazing about this bug is that it took 2 years for someone to notice it. I think in part this is due to the size of debian making it pretty much impossible for someone to review every change that goes in.
In this case it's also a little to do with the complexity of the issue, it was in fact proposed by the vendor to the upstream project development list and no one really noticed it would have a bad side-effect:
http://marc.info/?m=114651085826293&w=2
Something the SuSE guys have done which I'm thinking we should adopt for our patches (in the kernel at least), is a header at the top of each patch detailing its upstream status, (and if not upstream, why not).
Yeah, this should be enforced. We ought to be including signatures for the pristine upstream tarballs in the srpms too (where upstream signs their output). At least we then can know for certain what has been touched outside of upstream.
Cheers, Mark _______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
