On Thu, Jan 13, 2005 at 02:25:06AM -0800, Brian Nelson wrote: > On Thu, Jan 13, 2005 at 02:00:47AM -0800, Steve Langasek wrote: > > On Thu, Jan 13, 2005 at 01:30:52AM -0800, Brian Nelson wrote: > > > I can only find it currently in 2 packages in Debian--prozilla and elinks. > > > The others that used it in the past (libcurl, wget?) likely rewrote the > > > code since it was obsolete anyway. Why not just take the code from one of > > > those if it's really a concern?
> > Why not? I see no reason why not; please, be my guest. > Because I'm not the one that sees a major legal problem with this bit of > code. :) I don't know that anyone here has asserted that this is a *major* legal problem. Problems do not have to be "major" for us to report them as bugs, or believe that they're worth fixing. Even minor legal problems still warrant the assumption of severity=serious, because if they come calling, the impact on our users is significant regardless of how *much* code we're infringing. > > In particular, prozilla seems a particularly silly piece of software to jump > > to the defense of, since it has RC security holes and doesn't look like it's > > coming anywhere close to shipping with sarge. > OK, but elinks also contains this file and otherwise *is* in shape for > sarge. Yes, and I think this package will also need to have a bug filed against it now that we're aware of it, and the matter investigated. -- Steve Langasek postmodern programmer
signature.asc
Description: Digital signature