El martes, 2 de abril de 2019 17:48:26 -03 Moritz Mühlenhoff escribió: [snip] > > Truth is we can't even agree inside the team. Some of us think we should > > just remove it alongside whatever hasn't been ported, some think we should > > not. > > > > Now in my *very personal* opinion: even if it's not supported by the > > security team I think it should keep the RC status if released with > > buster. > > It's a pile of security bugs in one single package. > > qtwebkit hasn't been security-supported in any Debian release it was ever > present in. Does it really make sense to remove it now so close to the > buster release (with all kinds of unpreditable fallout on kde4libs). > > Wouldn't it be better to wait after the buster release and then agressively > bump all the remaining QT4/KDE4 to RC-severity the day after the buster > release so that automated testing removals can do their magic (and filin > g RM bugs a few months later).
That's exactly what I wrote above, but keeping the RC bug. Even if it's not supported we should warn our users of the big security pile of bugs it is. -- Cuando tenga duda, utilice la solución mas simple. Principio de William Occam, también llamado "la navaja de Occam" Lisandro Damián Nicanor Pérez Meyer http://perezmeyer.com.ar/ http://perezmeyer.blogspot.com/
signature.asc
Description: This is a digitally signed message part.
