On 03/09/14 13:15, Rainer Gerhards wrote:
> Andre just went to vacation, but to the best of my knowledge he worked
> with the reporter and has released a new version to address this issue.

Thanks for the feedback, Salvatore. I'd prefer to update the package closer to the freeze and roll up any other changes in a single release. People should not be making LogAnalyzer available to the world, especially without additional access controls (HTTP authentication), so that provides some protection against flaws that do exist in this product. How would the security team feel if this package was classified in a similar way to the ganglia-web package, e.g. security alerts are not RC bugs and users are advised to protect the URL with the webserver?

