Hi, * Michael S. Gilbert <[email protected]> [2009-08-04 18:37]: > On Tue, 04 Aug 2009 12:57:07 +0200, Giuseppe Iuculano wrote: > > How we should track them? > > > > Maintainer closed #538240 because users must update the Adobe Flash Player > > with: > > update-flashplugin-nonfree --install > > i'd say add issues/CVEs to the tracker for users' awareness, but don't > spend time actively working them. users should understand the can of > worms that flash is. > > maybe there should be an announcement similar to iceweasel in etch > indicating lack of security support for flash?
We are currently discussing internally how to handle such situations. We are not yet sure if we want to send out a DSA for something like that. Those packages aren't supported by the security team still it would be nice to somehow reflect an update to the users. At the moment we lack of an idea on how to do that in a sane way. Cheers Nico -- Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
pgpAni6ESl8QR.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
