Hi I agree that it may not be the best to remove it then. I suggest we mark it as no-dsa then. Any objections?
// Ola On 22 November 2017 at 21:00, Emilio Pozuelo Monfort <po...@debian.org> wrote: > On 08/11/17 20:19, Ola Lundqvist wrote: >> Hi >> >> Considering that this package is about to be removed from jessie I >> guess it should be removed from wheezy too. How is that done? Should I >> contact the FTP maintainers about it, or do we simply ignore the >> issue? > > We don't have point releases, so I'm not sure we can get a package removed at > this stage without extra work by the ftp masters. So our options would be: > > - mark as no-dsa if it's not important enough > - mark as unsupported / end-of-life > - fix it > - get it removed > > The issue seems only exploitable if it's used by a service that is exposed > remotely or to other issues... and has no rdeps in wheezy. OTOH there is at > least one sponsor using that package. So removing it may not be the best > course > given there is a proposed patch. So I'd go with either no-dsa or fix it, > depending on the assessed importance. > > Cheers, > Emilio -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
