On Fri, Jan 31, 2020 at 10:10:38PM +0100, Salvatore Bonaccorso wrote:
> Hi,
> 
> On Fri, Jan 31, 2020 at 10:59:05PM +0200, Adrian Bunk wrote:
> > Source: radare2
> > Severity: grave
> > Tags: security
> > 
> > It is understandable (and normal for most software) that upstream
> > is not able or willing to provide security support for the old
> > version shipped in stable distribution releases.
> > 
> > But below seems to be upstream actively encouraging exploiting
> > the version in stable.
> > 
> > AFAIK Debian in general tries to avoid shipping software when upstream
> > strongly objects to it, or is openly hostile towards Debian.
> 
> [...]
> 
> FTR, this was as well raised back in [1]. AFAIK there was no direct
> feedback to the question from Moritz back then.

Yeah, we should at least remove radare2 from oldstable (IIRC for
buster there's an rdep which prevents that)

Cheers,
        Moritz

Reply via email to