On Mon, Jan 30, 2017 at 02:36:11PM +0000, Gianfranco Costamagna wrote:
> fully agree, but I'm not in the position to revert this change
> >Why can't the Security Team treat VirtualBox like how it's been
> >treating WebKit1? Still have it in the archives but with a prominent
> >notice that Debian does not provide security updates.

The usual expectation is that everything in Debian is covered by reasonable security support. We need to make some exceptions for technical reasons (as in webkit, where it's simply not feasible to backport). Security support for vbox would be feasible, but fails entirely due to Oracle's policy. It's up to them to fix that.

Cheers,
Moritz