libmail-audit-perl: fix or drop?
Hi,
I'm looking at libmail-audit-perl, and it seems to have quite many
issues:
* insecure /tmp handling (#344029)
+ serious
+ easy to fix
* insufficient mbox locking (#127558)
+ should probably be serious, as it's a policy violation
+ fix by using lockfile-progs?
* doesn't work with lists + maildir (#253505)
+ partial patch exists but backwards-compatibility is an issue
* uses /var/spool/mail (#272303)
+ trivial to fix
Since the module is officially unsupported upstream [1], I'm
wondering if it's time to drop the package rather than fix it.
Upstream recommends Email::Filter as a replacement, but that
isn't packaged for Debian yet.
The only reverse dependency for libmail-audit-perl (except for
mail-audit-tools, which comes from the same source package) is
a Suggests: in libmail-tools-perl.
Opinions?
[1] http://cpanratings.perl.org/dist/Mail-Audit
--
Niko Tyni ntyni@cc.helsinki.fi
Reply to: