Hi,
Am Thu, 15 Nov 2007 14:35:58 +0100 schrieb Reinhard Tartler <[EMAIL PROTECTED]>: > Stephan Hermann <[EMAIL PROTECTED]> writes: > > > Dear Colleagues, > > > > I need some advice: > > > > there are least 2 CVEs for bitchx (source ircii-pana) but upstream > > seems to be dead. > > I would like to request a removal of this package. > > > > Why? > > > > First, we have (as console replacement) irssi in our archives, > > which is quite active, secondly for the X fanatics we have several > > other irc clients in our archives. > > Third, dead upstream is not ok for a package in debian and ubuntu. > > > > > > Some random thoughts, or should I file a removal request via LP and > > DBTS? > > AFAIUI, we have the policy not remove packages from universe just > because nobody cares for this. This topic and similar questions have > been raised before at least by Lucas and me, but the answer was that > we in general don't remove broken packages. Well, the package itself is not broken (ok, for hardy it's just not secure and righ now it ftbfs but that's something different). > I'm not too happy with that course, but I don't have a really strong > opinion on this. If someone in the future wants to care for the > package, he can just start to work on it. I filed a removal request on LP and for debian. It's attached to the LP bug and nion (Nico Golde) just fixed a bug for me with the DBTS ;) He agrees (he wrote at least one patch for bitchx) with me, that a removal is the best we can do security wise. > > OTOH, we do remove packages from universe if they are removed from > debian. So the current process would be to get it removed from debian > first and then from ubuntu. And I'm sure we can do case-by-case > decisions as well. I'm just saying that we don't have a real process > for this. That's what we try. > > In any case, filing a LP Bug where the status of the case of bitchx > can be tracked is IMO a good idea! > Done. Regards, \sh -- Ubuntu-motu mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
