Source: zabbix Version: 1:7.0.10+dfsg-2 Severity: normal X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: block 1124558 by -1
Hi As per discussion the limited security support for zabbix is ideally documented as well in the source package and should be something along the lines, quoting Moritz: > As a first step the package should add a README.Debian.security > including something along the following lines: > > - Treat security issues in the Web UI as non issues as we expect them > to be restricted to trusted users > - If there are other vulnerabilitities fix them via trixie-security by > shipping the upstream branch releases. > - Once upstream support for a release series ends, security support in > foo-security also ends > - Revisit in two years how well that worked. Can you add one on the next unstable upload? A corresponding bug exists to add zabbix as limmited supported as well in debian-security-support as per #1124558. Thank you already, Regards, Salvatore
