Thoughts about separating language packs
Matt Zimmerman
mdz at canonical.com
Thu Nov 4 18:49:54 CST 2004
On Fri, Nov 05, 2004 at 01:22:05AM +0100, Carlos Perelló Marín wrote:
> On Thu, 2004-11-04 at 16:01 -0800, Matt Zimmerman wrote:
> > Right, they won't; the condition was that the package had not yet been built
> > with the language-pack-enabled build environment. But given your plan of
> > rebuilding everything, that is a moot point.
>
> You should take care that some security updates could be to fix a broken
> translation (not sure if that will count as a security update or just a
> bug fix).
>
> I have seen bugs in .po files that breaks the application because an
> error from the translator that forgot a "%s", he put a "%s" where it
> should be a "%d" or an extra "%s" that is not handled by the printf like
> function.
>
> If that could be taken as a security bug, will we upgrade that language
> package?
Since an error like that could cause a crash, if it could be triggered
maliciously, it could be considered a security exposure, in which case we
would do a security update of the language pack.
--
- mdz
More information about the ubuntu-devel
mailing list