[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please consider portmap 5-12 for sarge (was: RFFE: portmap 5-11)

Anibal Monsalve Salazar wrote:
> >THe missing information in the transcript is that "no" was the default,
> >even though per the config file the default should have been yes.
> It's corrected now.
> Changes: 
>  portmap (5-12) unstable; urgency=high
>  .
>    * Changed default of debconf question to correspond to the value
>      in the config file.

This looks fine (ignoring the non-rc bug I filed on it).

> >>>>     Patch by Javier Fernández-Sanguino Peña <jfs@computer.org>.
> >>>>     Closes: #301130, #286301.
> >>>
> >>>So you made a change in -10 that introduced a RC bug that was fixed
> >>>in -11? And no changes in -10 were RC or even important. The point of
> >>>freeze exceptions is not to allow continuing unstable development of
> >>>packages in sarge so I don't see why this should be accepted. 
> >>
> >>Javier pushed -10 as an important security improvement for desktop/laptop
> >>systems and I agree with him on that regard. Running portmap listening
> >>to the world on a desktop/laptop system is a considerable security
> >>risk.
> >
> >This is only my opinion, but debian systems have been running with these
> >problems for as long as there was debian; delaying the sarge release to
> >fix them does not seem worth it.

My opinion hasn't changed except that I do now consider the new portmap
to be, apparently, free of new RC bugs caused by this series of changes.

I have a hard time justifying portmap -10 in sarge as a security
improvement, but if others disagree, that's fine.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: