* Martin Schulze (joey@infodrom.org) wrote: > Don Armstrong wrote: > > > > This raises a valid point; maybe the maintainer can comment on > > > > this? Since we already receive no security updates to php3 from > > > > upstream, is it feasible security-wise to keep it in the > > > > distribution for some years to come? > > > > > > I think the opinion of the stable release manager and security team > > > should rank higher than the maintainer also. > > > > If the RM and or security team feel that a package is likely to be the > > cause of too much grief for them to support security fixes for, they > > should explain that fact to the maintainer(s) (if at all possible) and > > let the maintainer(s) determine if they will take on the burden of > > supporting the package in stable as well. If the maintainer doesn't > > want that burden,[1] the maintainer should file a severity serious bug > > against the package to keep it from being released in stable. > > FWIW: This would mean to remove all of Mozilla and friends, since they > don't receive any security support upstream, and neither the maintainer > or the security team are in a position to backport all fixes and correcte > all stuff in the older versions. (upstream does only support the most > recent version, which will be different about one month after the sarge > release). I'm willing to try for firefox, but I'll admit that in some cases it may be impossible/too much work. -- Eric Dorland <eric.dorland@mail.mcgill.ca> ICQ: #61138586, Jabber: hooty@jabber.com 1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6 -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ G e h! r- y+ ------END GEEK CODE BLOCK------
Attachment:
signature.asc
Description: Digital signature