
Re: squeeze update of flightgear?



On 25.03.2015 19:56, Bret Busby wrote:
> On 26/03/2015, Moritz Muehlenhoff <jmm@inutil.org> wrote:
>> On Wed, Mar 25, 2015 at 09:28:01AM +0100, Markus Wanner wrote:
>>> I'm sorry, I don't think I'll have time to work on this, myself. (Nor
>>> do I think games are an important part of an LTS distribution. YMMV,
>>> of course.)
>>
>> I concur. Section:games should probably be excluded from Wheezy LTS.
[...]
> From the first post in the thread;
> 
> "the Debian LTS team would like to fix the security issues"
> 
> So, the LTS is now going to be abandoned, as security issues are
> regarded as not being important?
> 
> Or, is it simply that the LTS system is now going to be allowed to
> collapse, due to the security issues being regarded as unimportant?

The LTS is neither going to be abandoned nor is it going to collapse.
Security vulnerabilities should be evaluated on a case by case basis
though and prioritizing fixes for them is a necessity. The security
tracker notes about flightgear state:

https://security-tracker.debian.org/tracker/CVE-2012-2090
https://security-tracker.debian.org/tracker/CVE-2012-2091

"Negligible security impact, very obscure attack vector"

I agree with Moritz that most games can be excluded from LTS security
because

a) gamers prefer the latest versions and will almost always upgrade as
soon as possible, often simply because of network incompatibilities
between client and server

b) most games are single player games and exploitable scenarios are rare

I think all efforts should be concentrated on multiplayer client /
server games like OpenArena (ioquake3 engine) with real, exploitable
attack vectors such as:

https://bugs.debian.org/665656

Regards,

Markus
