Bug#413926: wordpress: Should not ship with Etch

2007-03-29 Thread Sam Hartman
> "Anthony" == Anthony Towns writes: Anthony> Dividing by years gives: Anthony> CVEs Earliest Years CVEs/Year Anthony> 43 2004 3 14.3 wordpress 63 2002 5 12.6 phpbb2 37 2004 Anthony> 3 12.3 moodle 46 2002 5 9.2 bugzilla 45 2001 6 7.5 Anthony> phpmyadmin >> Viewed

Bug#413926: wordpress: Should not ship with Etch

2007-03-17 Thread Raul Miller
On 3/12/07, Steve Langasek <[EMAIL PROTECTED]> wrote: Hmm -- if it's the RMs' call, I guess that means Andi and I both are required to abstain from any vote on this (Constitution 6.3.2). Is it still ok for me to call for a vote? :) (FWIW, as RM the decision I consider to have made is "defer to

Bug#413926: wordpress: Should not ship with Etch

2007-03-14 Thread Moritz Muehlenhoff
Hi, [I lack the time to comment extensively, just some brief comments. This will likely be last post in this buglog] Steve Langasek wrote: > On Tue, Mar 13, 2007 at 01:46:45AM +1000, Anthony Towns wrote: > > Dividing by years gives: > > > CVEs Earliest Years CVEs/Year > > > 43 2004 3

Bug#413926: wordpress: Should not ship with Etch

2007-03-12 Thread Steve Langasek
On Tue, Mar 13, 2007 at 01:46:45AM +1000, Anthony Towns wrote: > Dividing by years gives: > CVEs Earliest Years CVEs/Year > 43 2004 3 14.3 wordpress > 63 2002 5 12.6 phpbb2 > 37 2004 3 12.3 moodle > 46 2002 5 9.2 bugzilla > 45

Bug#413926: wordpress: Should not ship with Etch

2007-03-12 Thread Andreas Barth
* Florian Weimer ([EMAIL PROTECTED]) [070312 21:22]: > But all that can be considered best current practice, so to speak, and > should not necessarily be a reason to exclude a package from a stable > release. There might be non-technical concerns regarding the promises > of security support or the

Bug#413926: wordpress: Should not ship with Etch

2007-03-12 Thread Florian Weimer
* Anthony Towns: >> Viewed this way, wordpress definitely appears to have one of the /highest/ >> rates of security holes for webapps of its class. > > 14 bugs per year versus 12 for moodle and phpbb2 doesn't seem that big > a difference to me. > > I'm not sure that bug counts like this are really

Bug#413926: wordpress: Should not ship with Etch

2007-03-12 Thread Anthony Towns
On Mon, Mar 12, 2007 at 01:30:14AM -0700, Steve Langasek wrote: > However, on closer examination, the source data that Neil used here > (svn://svn.debian.org/svn/secure-testing/data/CVE/list) covers *all* > historical CVEs dating back to 1999. This means that, while the history for > phpbb2 and bu

Bug#413926: wordpress: Should not ship with Etch

2007-03-12 Thread Steve Langasek
Sorry to be a queue-jumper, but I'd like to see the TC address this wordpress question quickly so that the release team doesn't have to make a decision by default for etch while the TC is deliberating (or sleeping, as the case may be :-). In