Hey all, I understand the woes on all sides, but I believe the correct “Debian" way would be to drop ZoL from Buster release. Of course we can wait until it breaks after Linux kernel upgrade, but I would say it’s better to prevent the dance around removing the package from the buster and just not release with it.
I see no reason why ZoL should be treated differently than any other software in Debian. If we cannot make the ZoL in Buster safe for our users it needs to be removed from the release, and perhaps provided via buster-backports. This is neither the first nor the last software that would be treated like this, and honestly pragmatic approach here would just prevent hurt feelings on all sides long-term. Cheers, Ondrej -- Ondřej Surý ond...@sury.org > On 6 Jun 2019, at 16:03, Bastian Blank <wa...@debian.org> wrote: > > Hi Zigo > > On Thu, Jun 06, 2019 at 02:43:16PM +0200, Thomas Goirand wrote: >> In such case, would you consider maintaining this tiny patch? >> https://github.com/NixOS/nixpkgs/pull/61076/commits/7b77c27caa8617c82df5c5af6b9ce6ae010d7f9a > > Please read https://bugs.debian.org/929557. > > Thanks for following all security precautions. > > Bastian > > -- > I've already got a female to worry about. Her name is the Enterprise. > -- Kirk, "The Corbomite Maneuver", stardate 1514.0 >
