Stefan Fritsch wrote:
> All open issues are fixed in unstable in 2.1-7, see
> 
> http://security-tracker.debian.net/tracker/source-package/torrentflux
> 
> Some more thoughts:
> - when I looked through it, I found far fewer issues than I expected 
> (though I still think that the code quality is very bad). However, I 
> am also not a PHP expert and would not consider what I did to be a 
> full audit.
> - AFAIR most if not all issues were only for authenticated users, so 
> maybe one could add a note that it should be only used with trusted 
> users. Quake 2 was released with Sarge in this way while having lots 
> of security issues. 
> - in November or so I had a discussion with Micah on IRC and we agreed 
> that we did not see any problems with it being released with etch. I 
> didn't notice the discussion on debian-release, though.

Is there any chance of getting an audit done for this package? As Stefan
mentioned, there are no open security issues in unstable and the package
seems safe. I'm not sure if it's too late to get this into Etch,
considering the recent announcement about the new release timeline. Anyone?

Thanks,
Cameron



_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
