Control: clone 948634 -1
Control: reassign -1 src:binutils
Control: retitle -1 binutils: Please add a README.Debian.security documenting security support for binutils
Control: blocked 948634 with -1

Hi Daniel,

On Sat, Jan 11, 2020 at 02:28:14AM +0000, Daniel Shahaf wrote:
> Package: debian-security-support
> Version: 2019.06.13
> Severity: important
> Tags: patch
> Control: affects -1 binutils
>
> Dear Maintainer,
>
> Now that binutils has limited security support, please elaborate on its
> status. Suggested patch (against current git):
>
> --- a/security-support-limited > +++ b/security-support-limited > @@ -7,7 +7,7 @@ > # In the program's output, this is prefixed with "Details:" > > adns Stub resolver that should only be used with trusted recursors > -binutils Not covered by security support > +binutils Only suitable for trusted content; see > https://lists.debian.org/msgid-search/87lfqsomtg....@mid.deneb.enyo.de > ganglia See README.Debian.security, only supported behind an > authenticated HTTP zone, #702775 > ganglia-web See README.Debian.security, only supported behind an > authenticated HTTP zone, #702776 > glpi Only supported behind an authenticated HTTP zone for trusted > users
>
> @Florian That linked message is yours; any objections from you?

yes we can add that, but OTOH we asked the binutils maintainer already
when we decided to mark it as unsupported, to please add a
README.Debian.security file shipped in the package with an explanation,
similar to the above, that there is none covering binutils by security
updates (including upstream!). That would then be a slightly better
reference to add, so I would rather go with that.

The README.Debian.security file could contain something along the
following lines:

> binutils (the tools the included libraries like libbfd) are not
> covered by security support, i.e. bugfixes are not backported to
> stable releases and will only land in the next release.

Matthias, could you add this?

Regards,
Salvatore
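
Review bot: On the replaced binutils line, the Details text relies on a list-archive msgid-search URL as its only reference, whereas the neighbouring ganglia and ganglia-web entries point to a README.Debian.security shipped in the package plus a bug number. Consider following that convention once binutils ships such a file. In the meantime, check that the Message-ID in the URL is complete in the committed file, since it appears elided ("87lfqsomtg....") in the hunk as quoted here, and that the entry stays on a single line, because the quoted hunk shows the URL wrapped onto a continuation line.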