[FC1] Unofficial Updates to ZLIB
Mike Klinke
lsomike at futzin.com
Mon Aug 8 17:57:46 UTC 2005
On Monday 08 August 2005 10:55, JK wrote:
>
> Yes, and No at the same time.
> These are repackaged versions of the ZLib package.
> The version of ZLib for FC1 you have is correct... although, I
> believe I've only seen one security fix in the current one.
> The BUG fixes are nice; but, not a requirement for Fedora Legacy.
>
> |> Version 1.2.3 eliminates potential security vulnerabilities in
> |> zlib 1.2.1 and 1.2.2, so all users of those versions should
> |> upgrade immediately. The following important fixes are
> |> provided in zlib 1.2.3 over 1.2.1 and 1.2.2:
> |
> | For example, why is this identified with FC1 when the "current"
> | FC1 zlib package that's been released (
> | http://download.fedoralegacy.org/fedora/1/updates/i386/ ) is:
> |
> | rpm -qa | grep -i zlib zlib-1.2.0.7-2.1.legacy
>
> This is correct! Because the released packages for FC1 where
> based on the zlib-1.2.0 software release from ZLib or an
> equivalent snapshot. Not sure exactly which.
> Since that release only patches have been added to the RPM,
> which is correctly done.. Major version bumps are rarely done
> and in some cases frowned upon. Because as you pointed out it
> causes confusion. That said..... Did you read all of my message?
>
Well, maybe it's just me, but I find that a security fix released
against a fedora-legacy supported version ( FC1 ) to fix a version
of a package that was never released to FC1 in the first place and
that will, presumably, not be able to be upgraded with a future
release of the package by the fedora-legacy folks to the "real" FC1
version, should there be one, well, rather confusing.
Perhaps what I'm missing is how this is adding value to
Fedora-legacy?
Regards, Mike Klinke
More information about the fedora-legacy-list
mailing list