Re: Why do we still have this on the distribution?
Don Armstrong wrote:
> > > This raises a valid point; maybe the maintainer can comment on
> > > this? Since we already receive no security updates to php3 from
> > > upstream, is it feasible security-wise to keep it in the
> > > distribution for some years to come?
> >
> > I think the opinion of the stable release manager and security team
> > should rank higher than the maintainer also.
>
> If the RM and or security team feel that a package is likely to be the
> cause of too much grief for them to support security fixes for, they
> should explain that fact to the maintainer(s) (if at all possible) and
> let the maintainer(s) determine if they will take on the burden of
> supporting the package in stable as well. If the maintainer doesn't
> want that burden,[1] the maintainer should file a severity serious bug
> against the package to keep it from being released in stable.
FWIW: This would mean to remove all of Mozilla and friends, since they
don't receive any security support upstream, and neither the maintainer
or the security team are in a position to backport all fixes and correcte
all stuff in the older versions. (upstream does only support the most
recent version, which will be different about one month after the sarge
release).
Regards,
Joey
--
In the beginning was the word, and the word was content-type: text/plain
Please always Cc to me when replying to me on the lists.
Reply to: