Re: Bug#413269: Wordpress in etch

[Steve Langasek <vorlon@debian.org>]

On Tue, Mar 06, 2007 at 11:46:29PM +0100, Moritz Muehlenhoff wrote:
> Steve Langasek wrote:
> > Security Team,

> > On Mon, Mar 05, 2007 at 10:27:00PM +0000, Kai Hendry wrote:
> > > As micah suggests I will offer a "firm commitment to actually making
> > > the security updated packages when the hole comes out, and even drafting
> > > the DSA and delivering it to the security team on a silver platter) and
> > > if it becomes untenable I will support the removal"
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> We can't sanely remove a package from a stable release.

> > > Below is the last email from upstream confirming support.

> > Is this satisfactory?  Should this bug be closed?

> No, I still believe it's not supportable over the course of a stable
> release and has security issue too frequently.
> Instead of focusing on each one's pet package we need to look at the
> big picture. Maintaining security support for a distribution of the
> size of Debian is already difficult enough.

> If there's user interest in Wordpress, I recommend to maintain it through
> volatile.

This issue has now been referred to the technical committee by Kai.  Given
that unstable has a new upstream version of wordpress relative to testing, I
believe the correct course of action is as follows:

- treat this bug as a blocker for etch (RC bug on wordpress), but do not act
  immediately to remove the package from testing, giving the TC time to
  consider the question of overruling the security team
- if the TC does not render a decision before the etch release, the release
  team will proceed with removing this package from etch according to the
  request of the security team.

I've cloned & twiddled this bug to reflect this.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/