Re: Please unblock moodle_1.6.3-2
* Moritz Muehlenhoff (jmm@inutil.org) [061215 21:46]:
> On 2006-12-14, Isaac Clerencia <isaac@debian.org> wrote:
> > I've just uploaded a new moodle version which only includes a new
> > patch for a XSS security problem.
>
> Isaac, this is the 34th security problem in Moodle since 2004. (Counting
> by CVE assignments, many of them represent multiple security problems)
>
> It's already more or less unsupportable in Sarge (AFAICT fixes for about
> a dozen vulnerabilities need to be analysed, extarcted and backported,
> as upstream doesn't provide clean information; this is roughly 0.5-1
> man days of work)
>
> I don't think we should repeat the mistake to include it in a stable
> release again.
In case you think moodle is unsuitable for a stable release because of
| 5. General
|
| (a) Supportable
|
| Packages in the archive must not be so buggy or out of date we
| refuse to support them.
you should submit an serious bug report because of this.
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
Reply to: