* Joey Hess:
> Moritz Muehlenhoff wrote:
>> consider the following case: Package foo has a bug, the bug affects stable
>> or oldstable, but the fix for sid/testing consists in the removal of foo
>> or it has already been removed for other reasons.
>> <not-affected> doesn't fit, because older releases of Debian _are_ affected,
>> while the issue is no longer relevant for testing/sid. The solution is
>> a new "solution state" <removed>. Please adapt external scripts for this
>> new token; it'll be used soon. (bidwatcher, libsafe)
>
> IMHO the correct thing to do is to mark it as unfixed. Then if it
> somehow re-enters testing later from sid, we will see it and go make
> sure the new version is fixed.

For the record, I agree. Moritz, I don't understand which problem you are trying to solve. If the package is not present in testing, it's not vulnerable.

