Barry Finkel ha scritto: > Brad Knowles wrote in reply to a posting: > >> And I'm not at all convinced that "security problems are not a >> problem, with Debian" or any other OS, for that matter. Especially >> not with an old binary package that is based on old code that is >> known to have security flaws. > > When I was comparing the sources for Ubuntu/Debian Mailman 2.1.5 > against the SourceForge 2.1.9 source, I had to check the three > security patches in 2.1.9. Two of the patches matched; one was > completely different (different code in a different module). > I do not have enough knowledge of the internals of Mailman to be > able to determine if this third patch resolved the security > problem. I ended up building my own Ubuntu package from the 2.1.9 > SourceForge source, in the process eliminating almost all of the > Debian/Ubuntu patches. The patches were, for the most part, > undocumented, so I had no idea exactly what they did. Nor did I know > if they would fit into the 2.1.9 source, as some of the patches were > based on pre-2.1.5 code.
This was unexpected! Do you have opened a bug report? However the life of a Debian package maintainer is not easy. It should maintain a package to a stable version for 1-2 years. Regards Manlio Perillo ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
