Re: Bug#413269: Wordpress in etch
- To: Moritz Muehlenhoff <jmm@inutil.org>, 413269@bugs.debian.org
- Cc: Kai Hendry <hendry@iki.fi>, team@security.debian.org, debian-release@lists.debian.org, 413926@bugs.debian.org
- Subject: Re: Bug#413269: Wordpress in etch
- From: Steve Langasek <vorlon@debian.org>
- Date: Wed, 7 Mar 2007 14:54:41 -0800
- Message-id: <[🔎] 20070307225440.GG12663@mauritius.dodds.net>
- Mail-followup-to: Moritz Muehlenhoff <jmm@inutil.org>, 413269@bugs.debian.org, Kai Hendry <hendry@iki.fi>, team@security.debian.org, debian-release@lists.debian.org, 413926@bugs.debian.org
- In-reply-to: <[🔎] 20070306224629.GA4104@galadriel.inutil.org>
- References: <[🔎] 20070305222659.GB7574@iki.fi> <[🔎] 20070306061606.GU19188@mauritius.dodds.net> <[🔎] 20070306224629.GA4104@galadriel.inutil.org>
On Tue, Mar 06, 2007 at 11:46:29PM +0100, Moritz Muehlenhoff wrote:
> Steve Langasek wrote:
> > Security Team,
> > On Mon, Mar 05, 2007 at 10:27:00PM +0000, Kai Hendry wrote:
> > > As micah suggests I will offer a "firm commitment to actually making
> > > the security updated packages when the hole comes out, and even drafting
> > > the DSA and delivering it to the security team on a silver platter) and
> > > if it becomes untenable I will support the removal"
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> We can't sanely remove a package from a stable release.
> > > Below is the last email from upstream confirming support.
> > Is this satisfactory? Should this bug be closed?
> No, I still believe it's not supportable over the course of a stable
> release and has security issue too frequently.
> Instead of focusing on each one's pet package we need to look at the
> big picture. Maintaining security support for a distribution of the
> size of Debian is already difficult enough.
> If there's user interest in Wordpress, I recommend to maintain it through
> volatile.
This issue has now been referred to the technical committee by Kai. Given
that unstable has a new upstream version of wordpress relative to testing, I
believe the correct course of action is as follows:
- treat this bug as a blocker for etch (RC bug on wordpress), but do not act
immediately to remove the package from testing, giving the TC time to
consider the question of overruling the security team
- if the TC does not render a decision before the etch release, the release
team will proceed with removing this package from etch according to the
request of the security team.
I've cloned & twiddled this bug to reflect this.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply to: