On Mon, May 13, 2019 at 02:17:46PM +0200, Marco d'Itri wrote:
> I strongly object to adding this package, and its dependency
> gettext-base, to the transitive essential set.
I'll respond to this in a moment. (I agree but it just takes a bit
longer to respond to this.)
> I tried installing it (I had never heard of it before) and I see that it
> immediately complains about the version of binutils currently in
> unstable, so I also have serious doubts about the usefulness of
> a security tool which will always report an alarm.
well, binutils *is* not covered by Debian's security support, and I
do agree that this is useful information this tool should provide.
https://salsa.debian.org/debian/debian-security-support/commit/039d2470d28e858bb29c3f9f0cde8e61e1936719
(and yes, I also agree this is quite a desaster, just like
kde4libs/khtml only is suitable for trusted content, which IOW means,
one should not use konqueror or kmail on the interweb.)
--
tschau,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature