[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why do we still have this on the distribution?

* Martin Schulze (joey@infodrom.org) wrote:
> Don Armstrong wrote:
> > > > This raises a valid point; maybe the maintainer can comment on
> > > > this? Since we already receive no security updates to php3 from
> > > > upstream, is it feasible security-wise to keep it in the
> > > > distribution for some years to come?
> > > 
> > > I think the opinion of the stable release manager and security team
> > > should rank higher than the maintainer also.
> > 
> > If the RM and or security team feel that a package is likely to be the
> > cause of too much grief for them to support security fixes for, they
> > should explain that fact to the maintainer(s) (if at all possible) and
> > let the maintainer(s) determine if they will take on the burden of
> > supporting the package in stable as well. If the maintainer doesn't
> > want that burden,[1] the maintainer should file a severity serious bug
> > against the package to keep it from being released in stable.
> FWIW: This would mean to remove all of Mozilla and friends, since they
> don't receive any security support upstream, and neither the maintainer
> or the security team are in a position to backport all fixes and correcte
> all stuff in the older versions.  (upstream does only support the most
> recent version, which will be different about one month after the sarge
> release).

I'm willing to try for firefox, but I'll admit that in some cases it
may be impossible/too much work. 

Eric Dorland <eric.dorland@mail.mcgill.ca>
ICQ: #61138586, Jabber: hooty@jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ 
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ 
G e h! r- y+ 

Attachment: signature.asc
Description: Digital signature

Reply to: