Re: [pkg-lighttpd] Bug#474951: Is a fix for etch planned?
Philipp Kern wrote:
> On Tue, Apr 15, 2008 at 08:39:03AM +0200, Pierre Habouzit wrote:
> > Dear security team, you broke lighttpd badly with your last upload,
> > because you use a broken patch to fix the last CVE on it. Please update
> > the patch, using e.g. the one in the unstable version instead. You've
> > broken lighttpd for almost 10 days, it's quite unacceptable to have a
> > lighttpd in _stable_ in that state.
> > Dear SRM team: would an upload to s-p-u be accepted if the security
> > team still doesn't react ?
> As the current lighttpd distributed through security is utterly broken
> if you have SSL activated, of course I would accept an update through
> s-p-u. But I would be deeply disappointed about this is handled, too.
Since it's broken on security.debian.org, it should be fixed there
and passed through to s-p-u.
Pierre, could you send the relevant patch to the security team for
Experience is something you don't get until just after you need it.