[Secure-testing-team] sql-ledger in testing

Thijs Kinkhorst thijs at debian.org
Sun Oct 21 13:17:58 UTC 2007


On Sunday 21 October 2007 14:04, Steffen Joeris wrote:
> Well my point is that sql-ledger is in stable (and not security supported),
> which is the way it is. For lenny this should, IMHO, not happen again. I
> personally see it that way:

I respectfully disagree with this. In my opinion, when you cannot trust your 
authenticated users of sql-ledger, you've got a lot bigger problems than this 
security issue.

I'd like to see some real-world cases where this could be exploited before we 
start to remove things for which no adequate substitute is packaged yet.

Of course once there's a better package available, I'm all for deprecating 
this one. And also of course, it's still a bug which should be fixed when 
reasonably possible.


Thijs