[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

please move webmin 0.94 into woody

[CC to debian-devel in case anyone has a better idea)


The current upstream version of webmin is 0.970.  It fixes a very nasty
security bug.

The current version of webmin in woody is 0.92.  I upload 0.92-7 to
woody-proposed-updates with the fix from 0.970 backported.  There is also
a source package webmin-ssl in the 0.92 series that also needs to be
fixed--or so I thought.  In fact webmin-ssl is missing.  I think the
reason is:

The current version of webmin in sid is 0.94.  It includes the packages
formerly in webmin-ssl.

The upshot of this is

1. woody will ship with a webmin package that doesn't support SSL.  (I
would argue that in itself is a security hazard.)

2.  people who were using testing and had webmin-ssl installed will not
get the fix unless they change their apt sources to sid.

I request that you move webmin 0.94 to woody (I will backport the fix to
that version and then upload to proposed updates.) It has been a valid
candidate for sometime and was only held up by a dpendency problem on m68k
which I believe is now fixed.  Or if that cannot be done, just remove
webmin from woody completely.  Debian has a reputation for being highly
secure and IMO this reputation would be severely tarnished if the present
situation was left as is.  Naturally I prefer the first option.

Jaldhar H. Vyas <jaldhar@debian.org>
It's a girl! See the pictures - http://www.braincells.com/shailaja/

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: