Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.
Hi,
On Thu, 29 Aug 2019, Moritz Mühlenhoff wrote:
> The upstream link makes it sound as if they are one of those upstreams
> which reject the idea of distributions shipping an older release to
> a stable distro. For a tool like radare2 that seems fair enough, so
> how about simply excluding it from stable releases (and retroactively
> drop it from Buster/Stretch in the forthcoming point releases)?
<pkg-security hat>
While I have no problem in getting it out of stable release, it is
important that we are able to provide backports so the package must
stay in Debian testing.
</pkg-security hat>
<kali hat>
Also radare2 is a package that we care about in Kali and we are based
on Debian testing so we would prefer if it could continue to be there.
</kali hat>
In general, we (Debian) don't have a good answer to this problem and
virtualbox is clearly a bad precedent. We really need to find a solution
to this in concertation with the release managers.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
Reply to: