Comment 19 for bug 1842947

Dan Streetman (ddstreet) wrote :

> > not that I'm aware of, as you said in comment 9 this is a danger to future SRUs.
>
> Only if the uploader runs autoreconf manually, right? IOW, it won't happen by accident?

No, running autoreconf manually (and including the updated configure file in the deb source) would actually avoid this problem.

The problem is when the configure.ac file is updated, but the configure file isn't. If make thinks the configure file is up to date then it won't run autoreconf and changes to the configure.ac file won't be picked up in the build. For example running 'touch configure' before dpkg-buildpackage -S, or maybe running 'cp -r' if that somehow left the 'configure' file timestamp newer than the 'configure.ac' file timestamp.

> If we accept this SRU then an undetected regression introduced by running autoreconf
> would have been staged, the security team would base on that, and then it'd get
> released, hitting users at large.

I don't follow this
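
The timestamp behaviour described in the comment above, as an added shell example that is not part of the original comment or of the package. It assumes a make rule in which `configure` depends only on `configure.ac`; the function names, the temporary tree and its file contents are constructed for illustration.

```shell
# Added example: models make's mtime-only decision for a rule of the form
# "configure: configure.ac" (assumed rule; a real Makefile may list more prerequisites).
# Returns 0 when make would regenerate configure, 1 when it would treat it as up to date.
would_regenerate() {
    dir=$1
    [ -e "$dir/configure" ] || return 0           # missing target is always rebuilt
    [ "$dir/configure.ac" -nt "$dir/configure" ]  # rebuilt only if the prerequisite is newer
}

# Replays the sequence from the comment on a constructed source tree and
# echoes one word per step: "regen" (make reruns autoreconf) or "skip".
demo() {
    tree=$(mktemp -d) || return 1
    out=""
    step() {
        if would_regenerate "$tree"; then out="$out regen"; else out="$out skip"; fi
    }

    # Step 1: configure was generated after configure.ac, the normal shipped state.
    printf 'AC_INIT([demo],[1.0])\n' > "$tree/configure.ac"
    printf '#!/bin/sh\n# generated from demo 1.0\n' > "$tree/configure"
    touch -t 202001010000 "$tree/configure.ac"
    touch -t 202001010100 "$tree/configure"
    step

    # Step 2: a patch edits configure.ac, so it is now newer than configure.
    printf 'AC_INIT([demo],[1.1])\n' > "$tree/configure.ac"
    touch -t 202001020000 "$tree/configure.ac"
    step

    # Step 3: 'touch configure' before building the source package. The content
    # is still the 1.0 output, but the mtime now hides the configure.ac change.
    touch -t 202001030000 "$tree/configure"
    step

    rm -rf "$tree"
    echo "${out# }"
}

demo   # prints: skip regen skip
```

The third result is the case the comment warns about: only modification times are compared, so the stale `configure` is used and the `configure.ac` change never reaches the build.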