Handling of "malware" in Debian
Hi,
because of the WOT[*] incident, I wonder how Debian should handle
malware packages in favour of our users.
The current scheme is to remove the offending package from stable and
go along. With unattended-upgrades or other automatic upgrade schemes,
such packages would remain on many systems and potentially harm users.
I suggest handling such cases differently by uploading a new, empty
package (like transitional packages, but without new depends).
What do you think?
Cheers
[*] https://bugs.debian.org/842939