Re: To be removed from wheezy as well

[Ola Lundqvist <ola@inguza.com>]

Hi

I agree that it may not be the best to remove it then. I suggest we
mark it as no-dsa then. Any objections?

// Ola

On 22 November 2017 at 21:00, Emilio Pozuelo Monfort <pochu@debian.org> wrote:
> On 08/11/17 20:19, Ola Lundqvist wrote:
>> Hi
>>
>> Considering that this package is about to be removed from jessie I
>> guess it should be removed from wheezy too. How is that done? Should I
>> contact the FTP maintainers about it, or do we simply ignore the
>> issue?
>
> We don't have point releases, so I'm not sure we can get a package removed at
> this stage without extra work by the ftp masters. So our options would be:
>
> - mark as no-dsa if it's not important enough
> - mark as unsupported / end-of-life
> - fix it
> - get it removed
>
> The issue seems only exploitable if it's used by a service that is exposed
> remotely or to other issues... and has no rdeps in wheezy. OTOH there is at
> least one sponsor using that package. So removing it may not be the best course
> given there is a proposed patch. So I'd go with either no-dsa or fix it,
> depending on the assessed importance.
>
> Cheers,
> Emilio



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------