
Re: Please unblock moodle_1.6.3-2



* Moritz Muehlenhoff (jmm@inutil.org) [061215 21:46]:
> On 2006-12-14, Isaac Clerencia <isaac@debian.org> wrote:
> > I've just uploaded a new moodle version which only includes a new
> > patch for a XSS security problem.
> 
> Isaac, this is the 34th security problem in Moodle since 2004. (Counting
> by CVE assignments, many of them represent multiple security problems)
> 
> It's already more or less unsupportable in Sarge (AFAICT fixes for about
> a dozen vulnerabilities need to be analysed, extracted and backported,
> as upstream doesn't provide clean information; this is roughly 0.5-1
> man days of work)
> 
> I don't think we should repeat the mistake to include it in a stable
> release again.

In case you think moodle is unsuitable for a stable release because of
| 5. General
|
|  (a) Supportable
|
|       Packages in the archive must not be so buggy or out of date we
|       refuse to support them.

you should submit a serious bug report because of this.


Cheers,
Andi
-- 
  http://home.arcor.de/andreas-barth/


