Re: Claim apache-log4j1.2 and nss in dla-needed.txt

To: "Markus Koschany" <apo@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: Claim apache-log4j1.2 and nss in dla-needed.txt
From: "Chris Lamb" <lamby@debian.org>
Date: Sun, 29 Dec 2019 18:14:30 +0000
Message-id: <[🔎] 16e5ac4c-bb44-4f24-b99f-f6480db78c48@www.fastmail.com>
In-reply-to: <[🔎] 21bf7d72-7354-8594-28d4-4431c82f846d@debian.org>
References: <[🔎] 5d207228-5c53-49ff-804b-2907b1cd797a@www.fastmail.com> <[🔎] 61981808-cf28-4163-9a3d-b5f1ecebd302@www.fastmail.com> <[🔎] 21bf7d72-7354-8594-28d4-4431c82f846d@debian.org>

Hi Markus,

> I think that was a mistake. We definitely should fix apache-log4j1.2 in
> all distributions because a lot of packages depend on it. However the
> vulnerability surfaces only when you use the (optional) option to log to
> a remote server.

Sure thing and I agree with you. Please go ahead. :)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

Reply to:

References:
- Re: Claim apache-log4j1.2 and nss in dla-needed.txt
  - From: "Chris Lamb" <lamby@debian.org>
- Re: Claim apache-log4j1.2 and nss in dla-needed.txt
  - From: "Chris Lamb" <lamby@debian.org>
- Re: Claim apache-log4j1.2 and nss in dla-needed.txt
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Re: Claim apache-log4j1.2 and nss in dla-needed.txt
Next by Date: Re: Claim apache-log4j1.2 and nss in dla-needed.txt
Previous by thread: Re: Claim apache-log4j1.2 and nss in dla-needed.txt
Next by thread: Re: Claim apache-log4j1.2 and nss in dla-needed.txt
Index(es):
- Date
- Thread