
Re: Assignments



On Wed, Apr 02, 2003 at 07:55:17AM -0800, Neil Schemenauer wrote:
> > 	 80888 [  H  SU] Multiple buffer overflows in dnrd
> I'm not going to fix this bug.  The program uses a very dangerous style
> of programming, IMHO.  While I couldn't find any obvious security holes
> after looking over the source I'm sure there are some.  Fixing it would
> require many hours of work and I'm to prepared to do that for a package
> that no one I know is using.

] "Solve" can mean many things. [...] Another option is that the bug
] might be unfixable, and the package may need to be removed from testing
] or unstable or both.

This is the point where you should consider whether anyone else can fix
it (or if it's already fixed upstream - probably not in both cases),
and if not, whether the bug is really severe enough to mean it should
be removed from Debian. If it should be removed, you want to log on
to auric/klecker, and check which distributions will be affected, and,
ideally, see if any other packages will be affected.

Please try not to leave any bugs as "I'm not going to fix this" -- instead,
if you can't fix it in the ideal way, work out some other way to make sure
it doesn't affect people.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
        you are now certified as a Red Hat Certified Engineer!''
