Anibal Monsalve Salazar wrote: > >THe missing information in the transcript is that "no" was the default, > >even though per the config file the default should have been yes. > > It's corrected now. > > Changes: > portmap (5-12) unstable; urgency=high > . > * Changed default of debconf question to correspond to the value > in the config file. This looks fine (ignoring the non-rc bug I filed on it). > >>>> Patch by Javier Fernández-Sanguino Peña <jfs@computer.org>. > >>>> Closes: #301130, #286301. > >>> > >>>So you made a change in -10 that introduced a RC bug that was fixed > >>>in -11? And no changes in -10 were RC or even important. The point of > >>>freeze exceptions is not to allow continuing unstable development of > >>>packages in sarge so I don't see why this should be accepted. > >> > >>Javier pushed -10 as an important security improvement for desktop/laptop > >>systems and I agree with him on that regard. Running portmap listening > >>to the world on a desktop/laptop system is a considerable security > >>risk. > > > >This is only my opinion, but debian systems have been running with these > >problems for as long as there was debian; delaying the sarge release to > >fix them does not seem worth it. My opinion hasn't changed except that I do now consider the new portmap to be, apparently, free of new RC bugs caused by this series of changes. I have a hard time justifying portmap -10 in sarge as a security improvement, but if others disagree, that's fine. -- see shy jo
Attachment:
signature.asc
Description: Digital signature