Re: Wheezy update of inspircd?
Hi
The LTS team also tries to fix security holes in all packages. Not
only the ones explicitly expressed a need for by the customers. The
ones expressed a need for always have a higher priority.
However if it is like you write that 2.0.5 is full of security holes
and nobody have expressed a need, maybe we should mark it as
unsupported instead.
// Ola
On Wed, Sep 7, 2016 at 4:28 AM, Antoine Beaupré <anarcat@orangeseeds.org> wrote:
> I am a bit surprised to see this - are ircd packages sponsored now?
> There's a similar issue in Charybdis and I deliberately marked it as
> unsupported in LTS because, AFAIK, no customer expressed the need to
> support those yet.
>
> I'd be glad to see if we can update charybdis in Wheezy as well, but to
> be honest, i think people running IRCs on wheezy are really looking for
> trouble, both in the case of charybdis and inspircd. I think they should
> be marked as unsupported, because they are not supported upstream.
>
> I had an interesting conversation with the inspircd maintainers
> recently, over IRC: they are basically saying that 2.0.5 is full of
> security holes, and they do not bother with issuing CVEs, so it's really
> hard to tell what version if affected by what.
>
> It's only because I requested those CVEs that this issue propped up on
> Debian's radar at all, btw...
>
> A.
> --
> Le pouvoir n'est pas à conquérir, il est à détruire
> - Jean-François Brient, de la servitude moderne
>
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ ola@inguza.com Folkebogatan 26 \
| opal@debian.org 654 68 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: