Re: To be removed from wheezy as well

To: Ola Lundqvist <ola@inguza.com>, Debian LTS <debian-lts@lists.debian.org>, 881097@bugs.debian.org
Subject: Re: To be removed from wheezy as well
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Wed, 22 Nov 2017 21:00:59 +0100
Message-id: <[🔎] 7b3c9e52-d377-4625-6294-01d0796132bc@debian.org>
In-reply-to: <[🔎] CABY6=0nnaFXtBZS4eM0HOA=BqqYaecfzHeaH66VoKBCOh7XYrQ@mail.gmail.com>
References: <[🔎] CABY6=0nnaFXtBZS4eM0HOA=BqqYaecfzHeaH66VoKBCOh7XYrQ@mail.gmail.com>

On 08/11/17 20:19, Ola Lundqvist wrote:
> Hi
> 
> Considering that this package is about to be removed from jessie I
> guess it should be removed from wheezy too. How is that done? Should I
> contact the FTP maintainers about it, or do we simply ignore the
> issue?

We don't have point releases, so I'm not sure we can get a package removed at
this stage without extra work by the ftp masters. So our options would be:

- mark as no-dsa if it's not important enough
- mark as unsupported / end-of-life
- fix it
- get it removed

The issue seems only exploitable if it's used by a service that is exposed
remotely or to other issues... and has no rdeps in wheezy. OTOH there is at
least one sponsor using that package. So removing it may not be the best course
given there is a proposed patch. So I'd go with either no-dsa or fix it,
depending on the assessed importance.

Cheers,
Emilio

Reply to:

Follow-Ups:
- Re: Bug#881097: To be removed from wheezy as well
  - From: tony mancill <tmancill@debian.org>

References:
- To be removed from wheezy as well
  - From: Ola Lundqvist <ola@inguza.com>

Prev by Date: Re: [Announce] Samba 4.7.3, 4.6.11 and 4.5.15 Security Releases Available for Download
Next by Date: Re: Bug#881097: To be removed from wheezy as well
Previous by thread: To be removed from wheezy as well
Next by thread: Re: Bug#881097: To be removed from wheezy as well
Index(es):
- Date
- Thread