[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [pkg-lighttpd] Bug#474951: Is a fix for etch planned?



Philipp Kern wrote:
> On Tue, Apr 15, 2008 at 08:39:03AM +0200, Pierre Habouzit wrote:
> >   Dear security team, you broke lighttpd badly with your last upload,
> > because you use a broken patch to fix the last CVE on it. Please update
> > the patch, using e.g. the one in the unstable version instead.  You've
> > broken lighttpd for almost 10 days, it's quite unacceptable to have a
> > lighttpd in _stable_ in that state.
> > 
> >   Dear SRM team: would an upload to s-p-u be accepted if the security
> > team still doesn't react ?
> 
> As the current lighttpd distributed through security is utterly broken
> if you have SSL activated, of course I would accept an update through
> s-p-u.  But I would be deeply disappointed about this is handled, too.

Since it's broken on security.debian.org, it should be fixed there
and passed through to s-p-u.

Pierre, could you send the relevant patch to the security team for 
safety?

Regards,

	Joey

-- 
Experience is something you don't get until just after you need it.


Reply to: