
Bug#692734: unblock: ettercap/0.7.5-4



On Wed, Jan 09, 2013 at 02:40:25PM +0000, Barak A. Pearlmutter wrote:
> As I've stated previously, I don't believe that backporting fixes is
> really feasible.  There are too many, they are mixed with
> non-security-related modifications, there would be enormous opportunity
> for error, and ongoing security maintenance would be quite difficult.

Do you have CVE numbers, BTS references or any further detail? These
very changes make it not suitable for update when we've been frozen for
over 6 months.

> Some background: upstream development stalled, and a new team has (with
> the blessing of the retired old team) taken over.  The new team is
> willing to do security updates on their versions, but it is not
> realistic to expect them to be able to do security patches for an
> ancient version full of backported patches.

No, that's what we expect *you* to do as the maintainer. If you feel you
cannot support software for the length of the stable release, then it's
simple: find help or let's not have it in a stable release.

> On the other hand, I personally don't see any disadvantage to letting
> 0.7.5* in and pulling it if there is a problem, instead of just pulling
> it preemptively in case there is a problem.

Because by that stage a number of people will have already installed it
and we have provided a commitment to have it in the release.

> So that is my recommendation.  The choice, however, is with the
> release team.
> 

That's not going to happen. So, can you please let me know if you're
going to backport the fixes, or if I should remove it from wheezy.

Neil

