[Secure-testing-team] Bug#802917: do not migrate denyhosts to testing: who will do security support?
Helmut Grohne
helmut at subdivi.de
Sun Oct 25 05:04:52 UTC 2015
Package: denyhosts
Version: 2.10-2
Severity: serious
Tags: security

Hi Jan-Pascal,

thank you for your interest in reviving denyhosts. Unfortunately, there
are still unresolved issues with denyhosts that make it unfit for
release. This bug is meant as a tracker bug and to prevent testing
migration until all sub issues are properly tracked.

 * The denyhosts package is very similar to fail2ban. In particular,
   both contain a set of regular expressions for matching log files from
   daemons. These regular expressions are hard to get right. Thus the
   Debian security team wants to avoid supporting both tools. This
   argument is similar to how ffmpeg was blocked from jessie, because it
   was too similar to libav and had a difficult security profile. So
   until it is clear who will do the security support for denyhosts,
   denyhosts should stay out of testing.

 * Your upload reintroduces security bug #692229.

 * Due to the removal of denyhosts from Debian, the following bugs were
   closed by the ftp masters:
   #395565 #436417 #497485 #514024 #529089 #546772 #597956 #567209 #611756
   #622697 #643031 #720130 #729322 #731963
   Please evaluate which of them need to be reopened or failing that
   reopen all of them.

Sorry for the bad news, but I believe that reincluding the current
denyhosts package is a disservice to our users.

Helmut