Florian Weimer wrote: > * Paul Gear: > > >>There certainly have been exceptions to that rule. The maintainer of >>shorewall has been trying for weeks to get a DSA issued about a >>vulnerability, and it seems we have to convince Joey that it *is* a >>vulnerability before he'll issue it. > > > Is this #318946? Correct. > This one is tagged sarge, but it's been closed by > Joey Hess, but probably for testing only. It seems so. We're not talking about that Joey, though. I'm not fully aware of the process that needs to be followed with respect to the BTS. Is there something more that we need to do to get the security team to action this bug for sarge? >>(I don't understand this - how can Joey even *try* to understand >>every security bug?) > > > Part of "stable" means avoiding unnecessary and potentially harmful > changes. Clear policies could help to avoid such misunderstandings. I don't understand what you mean by that, in the context of this bug and the lack of a DSA for shorewall. -- Paul <http://paulgear.webhop.net> -- Did you know? Most email-borne viruses use a false sender address, so you cannot track down the sender using that address. Instead, keep your virus scanning software up-to-date and just delete any suspicious emails you receive.
Attachment:
signature.asc
Description: OpenPGP digital signature