On Tue, Feb 28, 2017 at 02:28:28PM +0200, Adrian Bunk wrote:
> Control: severity -1 serious
> 
> Dozens of unfixed CVEs, the oldest unfixed CVEs will be more than
> 4 years old when stretch gets released.
> 
> In the current state the package is really too buggy for shipping
> in a new stable release.

Note that nodejs will not be covered by security support in stretch (as it was
done for jessie already). We had initially considered it, but with
nodejs 6 not having it made into stretch, that's not realistic.

So these can be downgraded to non-RC (or if the release team thinks
nodejs should rather be remove from testing, removal is also an option
of course).

Cheers,
        Moritz

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to