On Fri, Jan 31, 2020 at 10:10:38PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Fri, Jan 31, 2020 at 10:59:05PM +0200, Adrian Bunk wrote:
> > Source: radare2
> > Severity: grave
> > Tags: security
> >
> > It is understandable (and normal for most software) that upstream
> > is not able or willing to provide security support for the old
> > version shipped in stable distribution releases.
> >
> > But below seems to be upstream actively encouraging exploiting
> > the version in stable.
> >
> > AFAIK Debian in general tries to avoid shipping software when upstream
> > strongly objects to it, or is openly hostile towards Debian.
>
> [...]
>
> FTR, this was as well raised back in [1]. AFAIK there was no direct
> feedback to the question from Moritz back then.
Yeah, we should at least remove radare2 from oldstable (IIRC for
buster there's an rdep which prevents that)
Cheers,
Moritz