Le 28/07/2014 16:03, Peter Robinson a écrit : >>> If the udpate broke packages: a) it should not have been updated on stable >>> releases (was it?), >> >> Two updates have been filed hours ago, >> >> https://admin.fedoraproject.org/updates/json-c-0.12-1.fc20 >> https://admin.fedoraproject.org/updates/json-c-0.12-1.el6 >> >> and it seems the upgrade has not been examined at all. I've mentioned in >> bugzilla that there are tools such as rpmsodiff and abi-compliance-checker. > > There is no way an intrusive change such as this should be going > through to a stable release such as F-20, even worse for an EPEL > release. If it's deemed that a change such as this needs to go through > to a stable release due to something severe such as a security issue > it needs to announced before it happens and coordinated widely before > randomly being pushed without any details with dependent libraries and > applications. > > Peter > And despite the update claims to fix CVE-2013-6371, this one was already fixed in https://admin.fedoraproject.org/updates/FEDORA-2014-5006 Remi. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
