please move webmin 0.94 into woody
[CC to debian-devel in case anyone has a better idea)
aj,
The current upstream version of webmin is 0.970. It fixes a very nasty
security bug.
The current version of webmin in woody is 0.92. I upload 0.92-7 to
woody-proposed-updates with the fix from 0.970 backported. There is also
a source package webmin-ssl in the 0.92 series that also needs to be
fixed--or so I thought. In fact webmin-ssl is missing. I think the
reason is:
The current version of webmin in sid is 0.94. It includes the packages
formerly in webmin-ssl.
The upshot of this is
1. woody will ship with a webmin package that doesn't support SSL. (I
would argue that in itself is a security hazard.)
2. people who were using testing and had webmin-ssl installed will not
get the fix unless they change their apt sources to sid.
I request that you move webmin 0.94 to woody (I will backport the fix to
that version and then upload to proposed updates.) It has been a valid
candidate for sometime and was only held up by a dpendency problem on m68k
which I believe is now fixed. Or if that cannot be done, just remove
webmin from woody completely. Debian has a reputation for being highly
secure and IMO this reputation would be severely tarnished if the present
situation was left as is. Naturally I prefer the first option.
--
Jaldhar H. Vyas <jaldhar@debian.org>
It's a girl! See the pictures - http://www.braincells.com/shailaja/
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: