Barry Finkel ha scritto:
> Brad Knowles wrote in reply to a posting:
>
>> And I'm not at all convinced that "security problems are not a
>> problem, with Debian" or any other OS, for that matter. Especially
>> not with an old binary package that is based on old code that is
>> known to have security flaws.
>
> When I was comparing the sources for Ubuntu/Debian Mailman 2.1.5
> against the SourceForge 2.1.9 source, I had to check the three
> security patches in 2.1.9. Two of the patches matched; one was
> completely different (different code in a different module).
> I do not have enough knowledge of the internals of Mailman to be
> able to determine if this third patch resolved the security
> problem. I ended up building my own Ubuntu package from the 2.1.9
> SourceForge source, in the process eliminating almost all of the
> Debian/Ubuntu patches. The patches were, for the most part,
> undocumented, so I had no idea exactly what they did. Nor did I know
> if they would fit into the 2.1.9 source, as some of the patches were
> based on pre-2.1.5 code.
Manlio Perillo replied:
>This was unexpected!
>Do you have opened a bug report?
No, because
1) I have built an Ubuntu Mailman package from the 2.1.9 SF source,
and I am no longer interested in whatever Debian/Ubuntu did/does
with their patches. I built a package, it works, and I know
how to build a package from the next Mailman source release.
I know which Debian/Ubuntu patches to include (those that put
files in the proper Debian directories).
2) I have no idea if there is a bug. I have to assume that the
third security patch they put into their Mailman package does
resolve the security problem. I really have no way to test,
nor do I have a desire to test. What bug do you suspect from
what I wrote?
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: [EMAIL PROTECTED]
Argonne, IL 60439-4828 IBMMAIL: I1004994
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
