Bug#401969: please build using hunspell

Steve Kemp skx at debian.org
Sat Dec 9 17:14:56 CET 2006

On Fri, Dec 08, 2006 at 10:32:50PM +0100, Mike Hommey wrote:

> How does the security team feel about having to rebuild iceape,
> iceweasel, icedove (you forgot to file a bug on icedove), OOo and enchant
> if there happens to be a security bug in hunspell ?

  In general having multiple packages needing a rebuild for a
 single security fix is a problem, and not something we'd like
 to have to deal with.

  (For a specific example think of the pdf/gs updates we had to
 make earlier in the year/last year.  Lots of different programs
 with very similar code which didn't always get spotted at the
 same time.)

  A more recent example would be the links + elinks updates.  Links
 was updated first then we updated elinks afterwards when we learnt
 there was shared code ..  (Obvious in retrospect, but if there are
 a lot of packages which would require a rebuild keeping track of
 all of them can be difficult; especially if we don't know about it
 in advance.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20061209/1144b737/attachment.pgp

More information about the pkg-mozilla-maintainers mailing list