On 2015-03-13 09:29, Arnaud Fontaine wrote: > Package: release.debian.org > Severity: normal > User: [email protected] > Usertags: rm > > Hello, > > Considering that trafficserver is currently affected by 3 security bugs > (CVE-2014-3624, CVE-2014-10022 (#778895) and #749846) fixed in Sid but > which was not uploaded on time to testing before the freeze, and that > these bugs cannot be easily fixed, it would probably be better to remove > it from testing as suggested by Arno Töll, the maintainer of > trafficserver, on #778895: > > "However, the Release Team was uncomfortable to unblock that package > (cf. #769689). I'm afraid, that we better ask for removal of that > package in Testing rather than bothering with it, as we - as > maintainers - cannot guarantee for the security of it already, even > less so over the lifespan of a Debian Release, and upstream is moving > faster than us." > > Thanks in advance. > > Regards, >
Ack, I have added a removal hint for trafficserver. Hopefully things will look better for Stretch. Thanks, ~Niels -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
