Removing insecure packages from etch [Was: Re:
[Secure-testing-team] Etch security bug hunting season opened]
Adeodato Simó
dato at net.com.org.es
Wed Aug 16 13:21:09 UTC 2006
* Steve Langasek [Tue, 15 Aug 2006 16:21:57 -0700]:
> > Or, perhaps file a grave bug against each package stating that it
> > cannot be security supported and ask the release team to drop it
> > from etch.
> Should be serious rather than grave, but yes -- the bugs should be filed
> against the unreleasable packages, independent of whether you request
> removal from the archive.
Please sign the mail and mention it is an official request from the
Security Team, IMHO, as to make it clear nobody should be closing it
without talking to the Security Team first.
In any case, if that sounds a bit fragile as to ensure the packages
don't ship in Etch, I'd be willing to maintain a list of packages
blocked by the Security Team in one of the hints file.
Cheers,
--
Adeodato Simó dato at net.com.org.es
Debian Developer adeodato at debian.org
Listening to: Eric Clapton - Layla
More information about the Secure-testing-team
mailing list