[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] maint: add a syntax-check rule to check for vulnerable Makef
Re: [PATCH] maint: add a syntax-check rule to check for vulnerable Makefile.in
Wed, 27 Jan 2010 18:34:28 -0700
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:188.8.131.52) Gecko/20090812 Thunderbird/184.108.40.206 Mnenhy/0.7.6.666
According to Jim Meyering on 1/27/2010 2:42 PM:
> I've just pushed this to coreutils.
> I propose to move the rule to gnulib's maint.mk.
> Why? Just noticed that Fedora 11 is still using a vulnerable
> version of automake-1.11, and that some projects don't require
> Any objections or suggestions?
I like it. It lets projects stick with automake 1.10.3, or even a
vendor-patched 1.9.6+, without falling prey to unpatched 1.10.2 or 1.11.
coreutils, and any other package that already requires 1.11 features (like
building configure scripts that accept --enable-silent-rules) only benefit
by avoiding 1.11, but they can likewise do that by requiring 1.11.1. But
packages that intend to support older automake releases definitely
benefit, so I say move it to gnulib's maint.mk.
+ 'see http://bugzilla.redhat.com/542609 for details' \
That bug report only lists a handful of comments to the public; are we
missing anything in the remaining comments that were screened for security?
Don't work too hard, make some time for fun as well!
Eric Blake address@hidden
Description: OpenPGP digital signature