On Thu, May 2, 2013 09:25, Steffen Möller wrote: > I have talked back to my pkg-boinc mates and, well, feelings are mixed. > The remaining source to this TV report and some prominent discussions > about it I found at > http://www.rechenkraft.net/phpBB/viewtopic.php?f=12&t=12717&start=12 > And while I think that no real damage is done (and the package could > hence just remain as it is), I also think that it might be unfortunate > for Debian to ship any code with known vulnerabilities.
Isn't it possible to fix these vulnerabilities through a DSA or in the first point release? Or alternatively remove the binary package in the first point release? Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org