On Thu, Nov 13, 2003 at 09:13:37PM +0100, Adrian Bunk wrote: > > And although the patch in 220486 is a nice improvement if it works as > > advertised, I don't think it should be considered RC given that suidperl > > has been using the same flawed security model for years. So getting it > > in sync across archs is more important at this point, IMHO. > I haven't looked into the patch in #220486, but it's also possible that > it's RC and it should even be backported to stable. > But that's the decision of the perl maintainer and the security team. I think it's silly to claim that a flaw that's been well-known for ages constitutes an RC bug that should be allowed to hold up the progress of the release. If this was really RC, it should have shown up long ago and resulted in immediate removal of perl-suid. -- Steve Langasek postmodern programmer
Attachment:
pgpGsv1PqVHVr.pgp
Description: PGP signature