On Sat, Apr 02, 2005 at 01:42:49PM +0300, Riku Voipio wrote: > On Fri, Apr 01, 2005 at 05:10:05AM -0800, Steve Langasek wrote: > > > lsh-utils 2.0-1 needed, have 1.4.2-8.2 for CAN-2005-0389 > > > lsh-utils 2.0.1-1 needed, have 1.4.2-8.2 for CAN-2005-0814 > > > (Also has a RC bug though.) > > yeah, that doesn't sound like a win yet (though it's also built on m68k). > lsh-utils has following, worrying description: > --snip-- > Description: Secure Shell v2 (SSH2) protocol server > ... > WARNING: This is a work in progress, and may be totally insecure. > --snip-- > If the description is not out of date (It hasn't changed since last > stable), is this really something that should go to sarge? Surely it was even more of a work in progress when it was allowed into woody three years ago? If the security team hasn't asked us yet to drop it from sarge based on that experience, I don't see any reason to drop it based on a poorly chosen description. -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature