Matt Zimmerman wrote:
>
> If you have concrete information about unfixed bugs, bring it forth.
> Otherwise this is just more FUD.
>

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196590

Now. To be fair, these bugs probably aren't the end of the world as long as you understand what all of them are and how to protect yourself, and I don't expect a great number of people are even using the Debian Zope packages. But as more time goes on these bugs are getting harder and harder to keep on top of because there are so many of them and they go so deep that backporting to this version of Zope becomes incredibly non-trivial. Frankly I wish Zope would just be dropped from stable, but I am glad Debian has the sensibilities to air their security bugs openly and not hide them in obscurity (like say... the Zope project itself). It gives people the ability to remain informed, and that's ever so important.

Still, there are times when the project tends to let known holes fester. I find it tends to be worst around a new release. Take for example the mysql crash bug #131921 which was given up for a lost cause. Thankfully I've never seen this happen with a vulnerability that can cause a system compromise in a popular package.

--
Jamie Heilman http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution." -Sathington Willoughby