[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)

Wichert Akkerman wrote:
> Lets ignore all the ones from potato and woody, we don't support that.
> That leaves:
> > xlockmore (4.12-4.1) stable; urgency=high
> > kon2 (0.3.9b-0slink1) stable; urgency=high
> > floppybackup (1.3-2) stable; urgency=high
> > roxen (1.2beta2-3.1) stable; urgency=high
[ That have not been dealt with. ]

It also leaves imap (security fix in frozen, but package present and
probably vulnerable in slink), apache (same), dhelp (same), mh (same),
orbit (same), angband (same, though it's non-free).

> I'm guessing that we'll get a bunch of replies from people stating that  
> they want to volunteer. We'll probably ignore or reject most of those
> since we want people we know we can trust.

Well I hope you can somehow find people, the current state of affairs is
not at all good. :-(

see shy jo, thinking it's a real shame and rather nasty you can't trust
            most developers with such a position.

Reply to: