
Re: [Secure-testing-commits] r13252 - data



On 11/9/09, Thijs Kinkhorst <thijs@debian.org> wrote:
> On Monday 9 November 2009, Jakub Wilk wrote:
>>         NOTE: embeds msgfmt.py script
>> -       - mailman <unfixed> (embed)
>> +       - mailman <unfixed> (embed; #555416)
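Review bot: on the changed `- mailman <unfixed> (embed; #555416)` line, the bug number is the only pointer to why this copy matters, while the NOTE above it says just "embeds msgfmt.py script" and gives no location. Consider extending the NOTE with where the copy ends up in the package, so that someone triaging a future msgfmt.py issue can judge exposure without opening the bug.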
>
> Although this is installed into the Debian package, it is never used and not
> installed into the path. What is the risk here? I can see to removing it in
> a next release purely because it's cruft, but do not see the added value of
> putting it on the embedded code copies list.

msgfmt.py is currently installed to /usr/lib/mailman, so it very well
could lead to a problem if a security issue is discovered.  any and
all embeds are useful to track in preparation for future security
vulnerabilities.  additionally, embeds are violations of debian policy,
so they should be tracked and fixed.  i see no better resource for
this than the tracker's existing list.

mike

