[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#413926: wordpress: Should not ship with Etch

* Florian Weimer (fw@deneb.enyo.de) [070312 21:22]:
> But all that can be considered best current practice, so to speak, and
> should not necessarily be a reason to exclude a package from a stable
> release.  There might be non-technical concerns regarding the promises
> of security support or the maintenance status in Debian, but I'm not
> qualified to judge that.

After carefull reading of this and the other messages, I tend to come to
this conclusion:

1. Wordpress is no worse than lots of other php applications, and I
don't think we want to do a mass-removal of php applications now. I also
don't think we should discriminate wordpress relative to other php
2. Wordpress per se is security supportable. Neil has worked within the
testing security team for some time, and I don't see reasons why he
shouldn't be trusted for being able to help with security support for
stable as well (Other peoples might have superior knowledge - if so,
please share it with me).
3. We require that applications are "security supportable". So,
concluding from 1 and 2, this criteria seems to be fullfiled for

Under these conclusions, I tend to the following resolution:
1. We thank Moritz Muehlenhoff for bringing issues with wordpress to our
2. We thank Neil McGovern for offering security support for wordpress
during Etch's lifetime.
3. We consider Neils offer mature enough to not consider wordpress
failing the release policys "Packages in the archive must not be so
buggy [...] we refuse to support them."[1].
4. We recommend the release team to consider the same, and adjust the
bug's severity.

[1] http://release.debian.org/etch_rc_policy.txt


Reply to: