[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of flightgear?

On 25.03.2015 19:56, Bret Busby wrote:
> On 26/03/2015, Moritz Muehlenhoff <jmm@inutil.org> wrote:
>> On Wed, Mar 25, 2015 at 09:28:01AM +0100, Markus Wanner wrote:
>>> I'm sorry, I don't think I'll have time to work on this, myself. (Nor
>>> do I think games are an important part of an LTS distribution. YMMV,
>>> of course.)
>> I concur. Section:games should probably be excluded from Wheezy LTS.
>>From the first post in the thread;
> "the Debian LTS team would like to fix the security issues"
> So, the LTS is now going to be abandoned, as security issues are
> regarded as not being important?
> Or, is is simply that the LTS system is now going to be allowed to
> collapse, due to the security issues being regarded as unimportant?

The LTS is neither going to be abandoned nor is it going to collapse.
Security vulnerabilities should be evaluated on a case by case basis
though and prioritizing fixes for them is a necessity. The security
tracker notes about flightgear state:


"Negligable security impact, very obscure attack vector"

I agree with Moritz that most games can be excluded from LTS security

a) gamers prefer the latest versions and will almost always upgrade as
soon as possible, often simply because of network incompatibilities
between client and server

b) most games are single player games and exploitable scenarios are rare

I think all efforts should be concentrated on multiplayer client /
server games like OpenArena (ioquake3 engine) with real, exploitable
attack vectors such as:




Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: