On Tue, Dec 12, 2006 at 08:12:31PM +0100, Martin Schulze wrote:
> Andreas Barth wrote:
> > Hi,
> >
> > there are two issues where I would like to ask you to comment on:
> >
> > - mantis: We have two requests to allow it in. Is this ok from your
> >   side? (No bug id, sorry - in case that not, could you please open an
> >   RC bug on mantis?)
>
> Why should the Security Team oppose a migration of Mantis?

Because it has a _really_ poor security record (21 distinct
vulnerabilities in the last two years!), which were extremely hard to
fix, as upstream kept information hidden in inaccessible bugs and were
thus unaddressed for a long time. If mantis were anyhow important I would
agree to still keep it, but given that it's a package with no significant
user base (40 installed in popcon, probably less in production) it's just
not worth the effort.

Cheers,
Moritz