Your message dated Tue, 27 Mar 2007 00:09:19 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Results of technical committee vote
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: wordpress
Severity: serious

On behalf of the Security Team I'm requesting the removal of Wordpress
from Etch. There's a steady flow of security issues being found in
Wordpress and we don't believe it's sanely maintainable over the
course of 30-36 months. (Etch life-time)

As an example, the versions fixing vulnerabilities of the last four
months only:

  wordpress (2.1.1-1) unstable; urgency=high
  .
    * New upstream security release
    * Updated copyright with new download link
    * http://wordpress.org/development/2007/02/new-releases
    * http://trac.wordpress.org/milestone/2.1.1
    * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1049

  wordpress (2.0.8-1) testing-security; urgency=high
  .
    [Neil McGovern]
    * Non-maintainer upload by security team.
    * Fixes for CVE-2007-0539 and CVE-2007-0541
    [Kai Hendry]
    * New upstream release
    * Security fix, urgency high for etch

  wordpress (2.0.7-1) unstable; urgency=low
  .
    * New upstream release
    * New upstream available (security fix) (Closes: #407116)

  wordpress (2.0.6-1) unstable; urgency=high
  .
    * New upstream release
    * Security fix, urgency high.
    * FrSIRT/ADV-2006-5191, CVE-2006-6808: WordPress "get_file_description()"
      Function Client-Side Cross Site Scripting Vulnerability.
      (Closes: #405299, #405691)

  wordpress (2.0.5-0.1) unstable; urgency=medium
  .
    * NMU on maintainer's request.
    * Security fix, urgency medium.
    * readme.html: s/license.txt/copyright/. (Closes: #382283)
    * New upstream release, which fixes:
      - CVE-2006-4208: Directory traversal vulnerability in WP-DB-Backup
        plugin for WordPress. (Closes: #384800)

Even more worrying, their infrastructure was hacked and they had a
compromised tarball up for download:

http://wordpress.org/development/2007/03/upgrade-212/

Cheers,
        Moritz

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)


--- End Message ---
--- Begin Message ---
With six of seven committee members having voted, there is a definite
Condorcet winner and the outcome of the vote is no longer in doubt under
6.3.1 of the constitution.  While I'm sure we'd all welcome Raul's thoughts
on the question, and by my reading any member of the TC is still allowed to
change their vote for up to a week after the call for votes, I don't think
there's any harm in proceeding according to this provisional outcome.  If
any further votes are received, I'll respin this report at the end of the
week; and I'll wait for the week to be up before requesting changes to
<http://www.debian.org/devel/tech-ctte>, but I will go ahead and close bug
#413269 with this mail.

     Option 1--->: wordpress should not be included in etch due to bug #413269
   /  Option 2-->: wordpress should be included in etch in spite of bug #413269
   |/  Option 3->: Further discussion
   ||/
V: 213  Andreas Barth
V: 213  Anthony Towns
V: 213  Bdale Garbee
V: 123  Ian Jackson
V: 213  Manoj Srivastava
V: 123  Steve Langasek

In the following table, tally[row x][col y] represents the votes that
option x received over option y.

Option 1 "wordpress should not be included in etch due to bug #413269"
Option 2 "wordpress should be included in etch in spite of bug #413269"
Option 3 "Further discussion"

            Option
          1   2   3
          =   =   =
Option 1      2   6
Option 2  4       6
Option 3  0   0    

Option 2 defeats Option 1 by (4 - 2) = 2 votes.
Option 1 defeats Option 3 by (6 - 0) = 6 votes.
Option 2 defeats Option 3 by (6 - 0) = 6 votes.

The Schwartz contains:
        Option 2 "wordpress should be included in etch in spite of bug #413269"

The winner is:
        Option 2 "wordpress should be included in etch in spite of bug #413269"

So the decision of the Technical Committee is to include wordpress in etch
in spite of the objections of the Security Team; bug #413269 is no longer
release-critical for etch.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/



--- End Message ---
