[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of inspircd?


The LTS team also tries to fix security holes in all packages. Not
only the ones explicitly expressed a need for by the customers. The
ones expressed a need for always have a higher priority.

However if it is like you write that 2.0.5 is full of security holes
and nobody have expressed a need, maybe we should mark it as
unsupported instead.

// Ola

On Wed, Sep 7, 2016 at 4:28 AM, Antoine Beaupré <anarcat@orangeseeds.org> wrote:
> I am a bit surprised to see this - are ircd packages sponsored now?
> There's a similar issue in Charybdis and I deliberately marked it as
> unsupported in LTS because, AFAIK, no customer expressed the need to
> support those yet.
> I'd be glad to see if we can update charybdis in Wheezy as well, but to
> be honest, i think people running IRCs on wheezy are really looking for
> trouble, both in the case of charybdis and inspircd. I think they should
> be marked as unsupported, because they are not supported upstream.
> I had an interesting conversation with the inspircd maintainers
> recently, over IRC: they are basically saying that 2.0.5 is full of
> security holes, and they do not bother with issuing CVEs, so it's really
> hard to tell what version if affected by what.
> It's only because I requested those CVEs that this issue propped up on
> Debian's radar at all, btw...
> A.
> --
> Le pouvoir n'est pas à conquérir, il est à détruire
>                         - Jean-François Brient, de la servitude moderne

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /

Reply to: