Hi Stable release managers, On Thu, Apr 25, 2019 at 03:27:21PM +0100, Ben Hutchings wrote: > Linux's ntfs kernel module, supporting Windows's native filesystem, has > three security issues open against it (CVE-2018-12929, CVE-2018-12930, > CVE-2018-12931) and there is no sign of progress towards fixing them > upstream. > > This module is limited to read-only functionality by default; its write > support only covers overwriting existing files and has been disabled in > Debian kernel configurations since stretch. The alternative FUSE-based > implementation, ntfs-3g, is far more functional, though it may have > lower performance. It is already used in the installer and included in > all the desktop tasks (unless installation of Recommends is disabled). > > I intend to disable building this module in the next upload to sid, > targetting buster. > > I think we should also disable building it in updates to jessie and > stretch, but would like to get an OK from the Stable Release Managers > before doing that.
Any opinion on your side on disabling building the ntfs kernel module for stretch? Regards, Salvatore
