Hi

The LTS team also tries to fix security holes in all packages. Not only the ones explicitly expressed a need for by the customers. The ones expressed a need for always have a higher priority.

However, if it is like you write that 2.0.5 is full of security holes and nobody has expressed a need, maybe we should mark it as unsupported instead.

// Ola

On Wed, Sep 7, 2016 at 4:28 AM, Antoine Beaupré <anar...@orangeseeds.org> wrote:
> I am a bit surprised to see this - are ircd packages sponsored now?
> There's a similar issue in Charybdis and I deliberately marked it as
> unsupported in LTS because, AFAIK, no customer expressed the need to
> support those yet.
>
> I'd be glad to see if we can update charybdis in Wheezy as well, but to
> be honest, I think people running IRCs on wheezy are really looking for
> trouble, both in the case of charybdis and inspircd. I think they should
> be marked as unsupported, because they are not supported upstream.
>
> I had an interesting conversation with the inspircd maintainers
> recently, over IRC: they are basically saying that 2.0.5 is full of
> security holes, and they do not bother with issuing CVEs, so it's really
> hard to tell what version is affected by what.
>
> It's only because I requested those CVEs that this issue propped up on
> Debian's radar at all, btw...
>
> A.
> --
> Power is not to be conquered, it is to be destroyed
>                         - Jean-François Brient, de la servitude moderne
>

--
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Folkebogatan 26            \
|  o...@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994  0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------