Re: libapache2-mod-perl2 stable update for CVE-2007-1349

To: debian-release@lists.debian.org
Subject: Re: libapache2-mod-perl2 stable update for CVE-2007-1349
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sun, 13 Jan 2008 15:42:52 +0100
Message-id: <[🔎] slrnfok8rc.81i.jmm@inutil.org>
References: <20080111012141.GA17788@ngolde.de> <[🔎] 20080111014726.GA26711@connexer.com>

Roberto C  Sánchez wrote:
>> Unfortunately the vulnerability described above is not important enough
>> to get it fixed via regular security update in Debian stable. It does
>> not warrant a DSA.
>>=20
>> However it would be nice if this could get fixed via a regular point upda=
> te[1].
>
> Just curious, but what is the rationale behind this?

Some security issues don't warrant the significant overhead of creating a
DSA (both for the Security Team and the admin installing the security
updates), but they can still be included for the regular point updates,
since
- The admin needs to install the point update anyway
- The update receives more testing in advance
- The maintainer provides the update and not the Security Team

Cheers,
        Moritz

Reply to:

References:
- Re: libapache2-mod-perl2 stable update for CVE-2007-1349
  - From: Roberto C. Sánchez <roberto@connexer.com>

Prev by Date: Re: hint for vice/1.22-2
Next by Date: Re: Is mantis still not supportable by the support team? (was: Re: Unblock request for mantis)
Previous by thread: Re: libapache2-mod-perl2 stable update for CVE-2007-1349
Next by thread: Idea for dealing with transitions
Index(es):
- Date
- Thread