dann frazier wrote:
> Package: mantis
> Severity: serious
>
> As per http://release.debian.org/etch_rc_policy.txt - 5a, I am opening
> this RC bug against mantis to prevent it from releasing until which
> time the security team is convinced that it is a package that can
> be reasonably supported.
>
> See the discussion thread here:
> http://lists.debian.org/debian-release/2006/12/msg00437.html

I quite understand the etch release policy and I am sure that there are cases where 5a matches the case. But in the case of mantis it does *not* match, because there is currently *one* open security issue, which was just reported and which I'm willing to fix within this day. The package *has* a maintainer and it is not out of date or *too buggy*.

It makes me somehow angry that I invested so much work in bringing mantis back into good shape, when people can block its release by just saying 'hey it had a bad history'.

Given the information by Moritz that it had 21 vulnerabilities, it should be worth mentioning that almost 50% of the bugs I've seen affected almost dusty versions of mantis that are *far* away from the current release. Also, most of the bugs have been fixed upstream in a reasonable time and I can *not* confirm that mantis developers do hide details of bug fixes. In fact they use their own bug tracker to track fixes for bugs, and most of the security issues are IMO documented and discussed there well enough to backport/implement security fixes into current debian packages.

Lastly I wanted to note that IMO using statistical numbers that are in *no way* representative isn't really a good basis for arguing with a poor user base. And given you do trust that these 40 counted users are a representative number: for these 40 counted users mantis might be *very* important. And it might be even more. There might be hundreds that do not participate in popcon.

I would like to further discuss this topic and hopefully we could find a consensus.

Best Regards
Patrick