On Wed, 2016-05-11 at 13:55 -0700, Russ Allbery wrote:
> Daniel Stender <sten...@debian.org> writes:
>
> > Distributed source control management/revision control system. Known as
> > being used for the Linux kernel development before Git was created. They
> > now have put the code under the Apache-2.0 license. Maybe some would
> > like to use this, so it would do no harm to have it as a Debian package.
>
> FWIW, there was a fairly entertaining exchange on oss-security earlier
> this week in which someone pointed out it was riddled with /tmp
> vulnerabilities found with a simple grep, and the author said that no one
> had cared because it was only deployed behind firewalls.

That's a stunningly blasé attitude to security at this point in time. I really don't think we need more known-vulnerable software in the archive.

Ben.

-- 
Ben Hutchings
If you seem to know what you are doing, you'll be given more to do.