On Thu, Apr 03, 2008 at 11:51:06PM +0200, Moritz Muehlenhoff wrote:
> > And if so, what is the plan for wordpress in etch and lenny?
> 
> I recommend to drop it from Lenny, but if people choose to
> repeat mistakes I won't waste my time on argueing.

I don't quite see the point of this...

http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=wordpress;dist=stable
shows zero RC bugs, and I found two DSA-s for it, 1258 and 1502.
The remaining filed bugs which relate to security are explicitly marked by
the maintainers as too minor to warrant updates, so it doesn't look like
the security team is particularly burdened.

I don't see the wordpress inclusion as a mistake. Comparing it to the
situation where we currently don't have mantis in etch, because of a similar
bug report - there the decision wasn't elevated to tech-ctte as the package
was unmaintained, so it went by unnoticed. The package was taken three
months after the report, but by that time it was too late, I guess.
As an application to which access is customarily restricted from the start
(private bug tracking systems), mantis is even less of a real-world security
problem, yet we've completely deprived etch users of a package, and this
actually hurt the sarge users who can't upgrade to the improved version.

-- 
     2. That which causes joy or happiness.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to