Re: Bug #173254 Submitted: Snort In Stable "Unusable"
Quoting Nick Boyce (nick@glimmer.demon.co.uk):
> Sander's preferred option would be to remove the Snort package
> altogether in these circumstances. What would be quicker : remove the
> package, or add the warning to the web-page ? I guess we ought to do
> *something*.
Hmm...
IMHO, nobody reads the webpages at packages.debian.org before installing
a pacakge. A prospective user wants an IDS so he/she does 'apt-cache
search "intrusion detection"' sees 'snort - lightweight intrusion
detection system' and decides to install it. Atleast, that is what I
have seen most people doing.
Therefore I would more like to either remove the entire package *OR* add
a debconf / other intrusive warning that tells users that the package
gives them a fake sense of security and instead they should considder
installing snort 1.9.0 from source by doing apt-get source -b
snort from the unstable archives or by building it themselves.
It's the most effective way to prevent stable users from running
outdated security tools.
My $0.02,
Sander.
--
| How many weeks are there in a light year?
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D
Reply to: