On Sun, Jun 22, 2014 at 3:16 AM, Jakub Wilk wrote: > If remotely exploitable root security hole is not “critical” and is not a > security problem, then I don't know what is.
It is not appropriate to burden the security team about parts of the archive that clearly don't receive security support: https://www.debian.org/security/faq#contrib >> Contrib doesn't get any security support. > > > If it was an upstream bug AND we couldn't get it fixed ourselves (due to > licensing or lack of source) AND upstream was not willing to fix it either, > then that would be justification for the wontfix tag (but not for any > changes you made). > > However, this is a bug specifically introduced by the Debian package. There > is no excuse for not fixing it. Where did you see wontfix? >> Users worried about security should avoid contrib and non-free. > > > Developers allergic to contrib and non-free should leave alone bugs against > contrib and non-free packages. Rash judgements that are easily refuted are also not particularly constructive either. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
