Freeze exception request for ettercap 0.7.5-1
Dear Release Team,
A new upstream version 0.7.5 of ettercap (a network sniff/attack tool)
fixes some icky security issues. It does not seem practical to me to
backport the mods, because many of them are made on top of
non-security-related changes, and teasing them apart etc would be a
great deal of work. The upstream team is very eager to get the new
version in place, and I find their reasoning compelling.
This is briefly alluded to in BTS 691465.
I've dput a version 0.7.5-1, and am hoping the release team will see
fit to allow it into testing.
Note that ettercap is a leaf package (nothing depends on it) so there
is no real down-side to allowing it in and then having a show-stopping
problem pop up. In that case it can be pulled ... which I think we'll
have to do anyway if we *don't* allow 0.7.5 in, since in that case
we'll have known latent security issues.
On the other hand, with 0.7.5 we have an active (quite pro-active in
fact) and highly responsive upstream team eager to fix any issues that
we might bring to their attention.
--Barak.
--
Barak A. Pearlmutter
Hamilton Institute & Dept Comp Sci, NUI Maynooth, Co. Kildare, Ireland
http://www.bcl.hamilton.ie/~barak/
Reply to: