
Bug#413926: Extra FUD cleanup



Hi Kai,

> Wordpress does publish md5sums:
> http://wordpress.org/download/release-archive/
> 
> Btw 2.1.x is an unstable branch. The Wordpress stable branch 2.0.x is
> for etch, hopefully. So I like to think 2.0.x of being on topic, not so
> much 2.1.x.

Thanks for the clarification.

I've been doing quite some security updates for packages like wordpress
that have many security issues and where upstream was not quite
cooperative. I'm therefore interested in getting the right decision made
on wordpress support, not per se any particular one, but one based on as
many facts as possible.

When these facts turn out to have a good explanation, all the better of
course.

| This is the unstable branch

You have uploaded 2.1.x to Debian, so you expect this unstable branch to
become stable before lenny is released?

| MD5 sums are published

Good. Those weren't referenced though from the security announcement. It
would have taken some searching to find them. Also I still can't find an
example of the exploit code that was inserted. Apparently more
information is available but needs to be researched. I'd advise upstream
to just say clearly in their announcement how to diagnose the problem.

I'm not entirely convinced about the handling of this by upstream, but
given the combination of a development version and that the information
is at least somewhere to be found, I think this is acceptable after some
explanation.

I'm not too happy though with your reference to "FUD" which in my view
implies malicious intent on my side. I hope that was not intended that
way.

thanks,
Thijs
