[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#824057: ITP: bitkeeper -- source code management system

On 12.05.2016 03:07, Ben Hutchings wrote:
> On Wed, 2016-05-11 at 13:55 -0700, Russ Allbery wrote:
>> Daniel Stender <stender@debian.org> writes:
>>>
>>> Distributed source control management/revision control system. Known as
>>> being used for the Linux kernel development before Git was created.  The
>>> now have put the code under the Apache-2.0 license. Maybe some would
>>> like to use this, so it would do no harm to have it as a Debian package.
>> FWIW, there was a fairly entertaining exchange on oss-security earlier
>> this week in which someone pointed out it was riddled with /tmp
>> vulnerabilities found with a simple grep, and the author said that no one
>> had cared because it was only deployed behind firewalls.
> 
> That's a stunningly blasé attitude to security at this point in time.
> 
> I really don't think we need more known-vulnerable software in the
> archive.
> 
> Ben.

Agree. It shouldn't be included like it is now.

Daniel

-- 
4096R/DF5182C8
http://www.danielstender.com/blog/
Reply to: