On Sunday 21 October 2007 14:04, Steffen Joeris wrote:
> Well my point is that sql-ledger is in stable (and not security supported),
> which is the way it is. For lenny this should, IMHO, not happen again. I
> personally see it that way:

I respectfully disagree with this. In my opinion, when you cannot trust your authenticated users of sql-ledger, you've got a lot bigger problems than this security issue. I'd like to see some real-world cases where this could be exploited before we start to remove things for which no adequate substitute is packaged yet.

Of course once there's a better package available, I'm all for deprecating this one. And also of course, it's still a bug which should be fixed when reasonably possible.

Thijs
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

