On 12.05.2016 03:07, Ben Hutchings wrote:
> On Wed, 2016-05-11 at 13:55 -0700, Russ Allbery wrote:
>> Daniel Stender <sten...@debian.org> writes:
>>>
>>> Distributed source control management/revision control system. Known as
>>> being used for the Linux kernel development before Git was created. They
>>> now have put the code under the Apache-2.0 license. Maybe some would
>>> like to use this, so it would do no harm to have it as a Debian package.
>> FWIW, there was a fairly entertaining exchange on oss-security earlier
>> this week in which someone pointed out it was riddled with /tmp
>> vulnerabilities found with a simple grep, and the author said that no one
>> had cared because it was only deployed behind firewalls.
>
> That's a stunningly blasé attitude to security at this point in time.
>
> I really don't think we need more known-vulnerable software in the
> archive.
>
> Ben.

Agree. It shouldn't be included like it is now.

Daniel

--
4096R/DF5182C8
http://www.danielstender.com/blog/