Re: binutils security support (Re: fixing debian-security-support upgrades from stretch (for good))
On 14.05.19 at 23:39, Moritz Mühlenhoff wrote:
> Holger Levsen wrote:
>> (and yes, I also agree this is quite a disaster, just like
>> kde4libs/khtml only is suitable for trusted content, which IOW means,
>> one should not use konqueror or kmail on the interweb.)
>
> That is the upstream status quo and not in any way specific to Debian,
> we're just the only ones transparent about it instead of wiping it
> under the carpet.

Thanks for the clarification. It would be helpful if this remark about the missing *upstream* support was in debian-security-support in addition to the line

> Details: Not covered by security support

It took me some time to find the remark in debian-devel.

Christoph
Re: binutils security support (Re: fixing debian-security-support upgrades from stretch (for good))
On Tue, May 14, 2019 at 11:39:50PM +0200, Moritz Mühlenhoff wrote:
> Holger Levsen wrote:
> > (and yes, I also agree this is quite a disaster, just like
> > kde4libs/khtml only is suitable for trusted content, which IOW means,
> > one should not use konqueror or kmail on the interweb.)
> That is the upstream status quo and not in any way specific to Debian,
> we're just the only ones transparent about it instead of wiping it
> under the carpet.

yes, and I'm thankful for this. apologies if my mail didn't express that.

--
tschau,
Holger

---
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Re: binutils security support (Re: fixing debian-security-support upgrades from stretch (for good))
Holger Levsen wrote:
> (and yes, I also agree this is quite a disaster, just like
> kde4libs/khtml only is suitable for trusted content, which IOW means,
> one should not use konqueror or kmail on the interweb.)

That is the upstream status quo and not in any way specific to Debian, we're just the only ones transparent about it instead of wiping it under the carpet.

Cheers,
Moritz
binutils security support (Re: fixing debian-security-support upgrades from stretch (for good))
On Mon, May 13, 2019 at 02:17:46PM +0200, Marco d'Itri wrote:
> I strongly object to adding this package, and its dependency
> gettext-base, to the transitive essential set.

I'll respond to this in a moment. (I agree but it just takes a bit longer to respond to this.)

> I tried installing it (I had never heard of it before) and I see that it
> immediately complains about the version of binutils currently in
> unstable, so I also have serious doubts about the usefulness of
> a security tool which will always report an alarm.

well, binutils *is* not covered by Debian's security support, and I do agree that this is useful information this tool should provide.

https://salsa.debian.org/debian/debian-security-support/commit/039d2470d28e858bb29c3f9f0cde8e61e1936719

(and yes, I also agree this is quite a disaster, just like kde4libs/khtml only is suitable for trusted content, which IOW means, one should not use konqueror or kmail on the interweb.)

--
tschau,
Holger

---
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C