Hi Steffen,

On Sun, 21 Oct 2007, Steffen Joeris wrote:
> I have read up on your discussion with the stable sec team. At the moment,
> sql-ledger is in testing and from what I have heard it would be possible to
> package and upload LedgerSMB, which fixes the security issues. Therefore, I
> would like to remove sql-ledger from testing. For lenny, ledgersmb could be
> used then. Any objections?

Yes. Until someone has done the job of packaging LedgerSMB I would like to
keep sql-ledger. Please understand that we're speaking of a financial
application that companies are using... (mine included).

Also it won't be trivial to migrate from one to the other, so it's a fair
bit of work to create the package and offer a sane upgrade path.

We already documented the fact that sql-ledger is not safe to use in an
untrusted environment.

Cheers,
-- 
Raphaël Hertzog

First French book on Debian GNU/Linux:
http://www.ouaza.com/livre/admin-debian/