* Florian Weimer ([EMAIL PROTECTED]) [070312 21:22]: > But all that can be considered best current practice, so to speak, and > should not necessarily be a reason to exclude a package from a stable > release. There might be non-technical concerns regarding the promises > of security support or the maintenance status in Debian, but I'm not > qualified to judge that.
After carefull reading of this and the other messages, I tend to come to this conclusion: 1. Wordpress is no worse than lots of other php applications, and I don't think we want to do a mass-removal of php applications now. I also don't think we should discriminate wordpress relative to other php applications. 2. Wordpress per se is security supportable. Neil has worked within the testing security team for some time, and I don't see reasons why he shouldn't be trusted for being able to help with security support for stable as well (Other peoples might have superior knowledge - if so, please share it with me). 3. We require that applications are "security supportable". So, concluding from 1 and 2, this criteria seems to be fullfiled for wordpress. Under these conclusions, I tend to the following resolution: 1. We thank Moritz Muehlenhoff for bringing issues with wordpress to our attention. 2. We thank Neil McGovern for offering security support for wordpress during Etch's lifetime. 3. We consider Neils offer mature enough to not consider wordpress failing the release policys "Packages in the archive must not be so buggy [...] we refuse to support them."[1]. 4. We recommend the release team to consider the same, and adjust the bug's severity. [1] http://release.debian.org/etch_rc_policy.txt Cheers, Andi -- http://home.arcor.de/andreas-barth/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]