On Sun, Aug 27, 2006 at 09:48:42PM +0200, Moritz Muehlenhoff wrote:
> Steve Langasek wrote:
> >> Steve Langasek wrote:
> >> > In the meantime, I'm downgrading 160579 because I don't see anything in that
> >> > report that would justify claiming the package is unreleasable.
> >> It's also vulnerable to CVE-2004-2656 (no bug seems to exist) and
> >> CVE-2001-1535 (328927).
> > FWIW, of all of these the one that looks most serious to me is the one that
> > doesn't have a bug filed for it yet. :)
> CVE-2004-2656 should get fixed for Etch, the rest isn't terribly serious.

Could you file a bug report on this one then? That would give us grounds for removal if the maintainer doesn't react.

> > Can you explain which of these bugs
> > you think justify removing the package from a release, and why?
> It has a marginal user base and seems unmaintained, I'm not sure if it's
> worth carrying around; but I don't have objections security-wise.

Right -- as noted before, I think the rest of those are QA objections, not reasons for the release team to remove the package directly.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

