[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2038-3] New pidgin packages fix regression


* Thijs Kinkhorst <thijs@debian.org> [2010-11-13 20:37:28 CET]:
> Since a few months, Microsoft's servers for MSN have changed the protocol,
> making Pidgin non-functional for use with MSN. It is not feasible to port
> these changes to the version of Pidgin in Debian Lenny. This update
> formalises that situation by disabling the protocol in the client. Users
> of the MSN protocol are advised to use the version of Pidgin in the
> repositories of www.backports.org.

 There are several things with this that itch me a fair bit: The most
obvious is that it's now backports.debian.org, not www.backports.org
anymore, which leaves a skew view on the status of the service.

 Secondly, I can't remember any information exchange between the
security team and the backporters of the package. Especially in the
light of the not-too-far-ago thread on debian-devel about the security
support state on backports where Gilbert left a quite clear opinion (and
non-disputed by other people of the security team) about the state (or
rather, non-state) of security support for backports this is also a fair
bit disturbing.

 Can we please try to get discussion going on about how to continue from
here? The above statement in an official DSA sounds like an endorsement
of using backports by the security team, and I would like to know how we
can actually improve the situation on that grounds and move forward from

 Thanks in advance,
Rhonda [still interested to make it actually work]

Reply to: