[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.


On Thu, 29 Aug 2019, Moritz Mühlenhoff wrote:
> The upstream link makes it sound as if they are one of those upstreams
> which reject the idea of distributions shipping an older release to
> a stable distro. For a tool like radare2 that seems fair enough, so
> how about simply excluding it from stable releases (and retroactively
> drop it from Buster/Stretch in the forthcoming point releases)?

<pkg-security hat>
While I have no problem in getting it out of stable release, it is
important that we are able to provide backports so the package must
stay in Debian testing. 
</pkg-security hat>

<kali hat>
Also radare2 is a package that we care about in Kali and we are based
on Debian testing so we would prefer if it could continue to be there.
</kali hat>

In general, we (Debian) don't have a good answer to this problem and
virtualbox is clearly a bad precedent. We really need to find a solution
to this in concertation with the release managers.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to: