Re: Wordpress in etch

[Moritz Muehlenhoff <jmm@inutil.org>]

Steve Langasek wrote:
> Security Team,
> 
> On Mon, Mar 05, 2007 at 10:27:00PM +0000, Kai Hendry wrote:
> > As micah suggests I will offer a "firm commitment to actually making
> > the security updated packages when the hole comes out, and even drafting
> > the DSA and delivering it to the security team on a silver platter) and
> > if it becomes untenable I will support the removal"
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

We can't sanely remove a package from a stable release.
 
> > Below is the last email from upstream confirming support.
> 
> Is this satisfactory?  Should this bug be closed?

No, I still believe it's not supportable over the course of a stable
release and has security issue too frequently.
Instead of focusing on each one's pet package we need to look at the
big picture. Maintaining security support for a distribution of the
size of Debian is already difficult enough.

If there's user interest in Wordpress, I recommend to maintain it through
volatile.

EOD for me.

PS: I need to correct my earlier remark. Even Gentoo ceased security support
for Wordpress (and they don't even do backports):
http://bugs.gentoo.org/show_bug.cgi?id=168529

Cheers,
        Moritz