Re: Please remove knowledgetree and slash for security issues
severity 160579 minor
On Mon, Aug 21, 2006 at 04:21:20PM +0200, Thijs Kinkhorst wrote:
> I'd like to request removal of knowledgetree for testing for these
> * Has two security issues;
> * Has an open request for adoption since a couple of months but no takers;
> * Has low popcon numbers;
> * Is a couple of versions behind upstream.
> (See bug #373137)
This package had already been removed from testing.
> Same goes for slash:
> * Has two security issues with no real response for four and one years
> * Has 4 installs and 3 votes in popcon;
> * Release is years old, upstream develops but is not releasing.
> (See bug #160579)
The maintainer seems to disagree that there's any reason to remove the
package. The argument for removing it for security reasons isn't strong --
160579 amounts to "a user can do stupid things that will expose his
password, like typing them into the URL bar"; yes, this should be tagged
'security', but the presence of a bug tagged 'security' is not itself a
reason to remove the package from a release when that security hole does not
itself qualify as an RC bug.
The other reasons seem more like a reason to remove the package from the
archive than from the release specifically; please check with -qa if they
would like to have this package removed from unstable over the maintainer's
objections in that case.
In the meantime, I'm downgrading 160579 because I don't see anything in that
report that would justify claiming the package is unreleasable.
Steve Langasek
Debian Developer
Give me a lever long enough and a Free OS to set it on, and I can move the world.