[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: arla/heimdal/krb4/cyrus-sasl2 ?

On Thu, Nov 13, 2003 at 09:13:37PM +0100, Adrian Bunk wrote:

> > And although the patch in 220486 is a nice improvement if it works as
> > advertised, I don't think it should be considered RC given that suidperl
> > has been using the same flawed security model for years.  So getting it
> > in sync across archs is more important at this point, IMHO.

> I haven't looked into the patch in #220486, but it's also possible that
> it's RC and it should even be backported to stable.

> But that's the decision of the perl maintainer and the security team.

I think it's silly to claim that a flaw that's been well-known for ages
constitutes an RC bug that should be allowed to hold up the progress of
the release.  If this was really RC, it should have shown up long ago
and resulted in immediate removal of perl-suid.

Steve Langasek
postmodern programmer

Attachment: pgpGsv1PqVHVr.pgp
Description: PGP signature

Reply to: