[Merge] lp:~davbo/ubuntu/trusty/jq/merge-debian-changes into lp:ubuntu/trusty/jq
Seth Arnold
seth.arnold at canonical.com
Tue May 2 23:15:25 UTC 2017
Review: Needs Fixing
Hello David,
Thanks for trying to address outstanding security issues in Ubuntu. However, this isn't really the best approach to take for these issues:
- Sadly this 'merge proposal' mechanism still exists even though it's entirely unused these days. Please prefer the method documented in https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging for security fixes.
- These changes are quite drastic for two security fixes; it's almost always better to find the smallest possible patches that address an issue rather than taking in wholesale new versions, because wholesale new versions are more likely to introduce bugs. Small security-only patches are also usually easier to review.
Thanks
--
https://code.launchpad.net/~davbo/ubuntu/trusty/jq/merge-debian-changes/+merge/322510
Your team Ubuntu branches is subscribed to branch lp:ubuntu/trusty/jq.
More information about the Ubuntu-reviews
mailing list