Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
[20.03] lynis: 2.7.5 -> 3.0.0 #92051
Motivation for this change
A major version bump for a stable release is a tough call, since there can be breaking changes.
Can you try and see if the patches can be applíed onto 2.7.5? It should be these two:
@mweinelt Thank you for your vigilance and apologies for the delay.
A fair point, but the first patch was not merged for a year and a half because it's a breaking change. It strikes me as more harmful to merge breaking changes into a prior major version than to merge a major version with breaking changes, especially when upstream was confronted with the same choice and chose to accept the vulnerability. Perhaps we should make the same choice? (We could still apply the second patch, which does not appear to be breaking.)