[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: To be removed from wheezy as well

On 08/11/17 20:19, Ola Lundqvist wrote:
> Hi
> Considering that this package is about to be removed from jessie I
> guess it should be removed from wheezy too. How is that done? Should I
> contact the FTP maintainers about it, or do we simply ignore the
> issue?

We don't have point releases, so I'm not sure we can get a package removed at
this stage without extra work by the ftp masters. So our options would be:

- mark as no-dsa if it's not important enough
- mark as unsupported / end-of-life
- fix it
- get it removed

The issue seems only exploitable if it's used by a service that is exposed
remotely or to other issues... and has no rdeps in wheezy. OTOH there is at
least one sponsor using that package. So removing it may not be the best course
given there is a proposed patch. So I'd go with either no-dsa or fix it,
depending on the assessed importance.


Reply to: