[Secure-testing-team] sql-ledger in testing
Thijs Kinkhorst
thijs at debian.org
Sun Oct 21 13:17:58 UTC 2007
On Sunday 21 October 2007 14:04, Steffen Joeris wrote:
> Well my point is that sql-ledger is in stable (and not security supported),
> which is the way it is. For lenny this should, IMHO, not happen again. I
> personally see it that way:
I respectfully disagree with this. In my opinion, when you cannot trust your
authenticated users of sql-ledger, you've got a lot bigger problems than this
security issue.
I'd like to see some real-world cases where this could be exploited before we
start to remove things for which no adequate substitute is packaged yet.
Of course once there's a better package available, I'm all for deprecating
this one. And also of course, it's still a bug which should be fixed when
reasonably possible.
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20071021/4075907f/attachment.pgp
More information about the Secure-testing-team
mailing list