[Secure-testing-team] sql-ledger in testing
Raphael Hertzog
hertzog at debian.org
Sun Oct 21 09:38:57 UTC 2007
Hi Steffen,
On Sun, 21 Oct 2007, Steffen Joeris wrote:
> I have read up on your discussion with the stable sec team. At the moment,
> sql-ledger is in testing and from what I have heard it would be possible to
> package and upload LedgerSMB, which fixes the security issues. Therefore, I
> would like to remove sql-ledger from testing. For lenny, ledgersmb could be
> used then. Any objections?
Yes. Until someone has done the job of packaging LedgerSMB I would like to
keep sql-ledger. Please understand that we're speaking of a financial
application that companies are using... (mine included).
Also it won't be trivial to migrate from one to the other, so it's a fair
bit of work to create the package and offer a sane upgrade path.
We already documented the fact that sql-ledger is not safe to use in an
untrusted environment.
Cheers,
--
Raphaël Hertzog
First French book on Debian GNU/Linux:
http://www.ouaza.com/livre/admin-debian/