Re: [Secure-testing-commits] r13252 - data

To: debian-security-tracker@lists.debian.org
Subject: Re: [Secure-testing-commits] r13252 - data
From: Jakub Wilk <ubanus@users.sf.net>
Date: Mon, 9 Nov 2009 22:56:52 +0100
Message-id: <[🔎] 20091109215652.GA8385@jwilk.net>
In-reply-to: <[🔎] 200911092056.45026.thijs@debian.org>
References: <E1N7ZV5-0006Ze-3k@alioth.debian.org> <[🔎] 200911092056.45026.thijs@debian.org>

* Thijs Kinkhorst <thijs@debian.org>, 2009-11-09, 20:56:

        NOTE: embeds msgfmt.py script
-       - mailman <unfixed> (embed)
+       - mailman <unfixed> (embed; #555416)


Although this is installed into the Debian package, it is never used and not
installed into the path. What is the risk here? I can see to removing it in a
next release purely because it's cruft, but do not see the added value of
putting it on the embedded code copies list.

We are already documenting things that are no security risk at all (likestuff fixed way before etch) and I strongly believe that is the rightthing to do. The whole point of this file is to make obvious whichversions are affected (even if none actually are).


That said, this entry should be probably marked as <not-affected>.

--
Jakub Wilk

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: [Secure-testing-commits] r13252 - data
  - From: Thijs Kinkhorst <thijs@debian.org>

Prev by Date: Re: [Secure-testing-commits] r13252 - data
Next by Date: Re: MBF: embedded copies of Python modules
Previous by thread: Re: [Secure-testing-commits] r13252 - data
Next by thread: Re: [Secure-testing-commits] r13252 - data
Index(es):
- Date
- Thread