Package: mantis
Severity: serious

As per http://release.debian.org/etch_rc_policy.txt - 5a, I am opening this RC bug against mantis to prevent it from releasing until such time as the security team is convinced that it is a package that can be reasonably supported.

See the discussion thread here:
http://lists.debian.org/debian-release/2006/12/msg00437.html

----- Forwarded message from Moritz Muehlenhoff <[EMAIL PROTECTED]> -----

Date: Tue, 12 Dec 2006 22:38:20 +0100
To: Martin Schulze <[EMAIL PROTECTED]>
Cc: Andreas Barth <[EMAIL PROTECTED]>, [EMAIL PROTECTED], debian-release@lists.debian.org
Subject: Re: Security team's opinion
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>

On Tue, Dec 12, 2006 at 08:12:31PM +0100, Martin Schulze wrote:
> Andreas Barth wrote:
> > Hi,
> >
> > there are two issues where I would like to ask you to comment on:
> >
> > - mantis: We have two requests to allow it in. Is this ok from your
> >   side? (No bug id, sorry - in case that not, could you please open an
> >   RC bug on mantis?)
>
> Why should the Security Team oppose a migration of Mantis?

Because it has a _really_ poor security record (21 distinct vulnerabilities
in the last two years!), which were extremely hard to fix, as upstream kept
information hidden in inaccessible bugs and were thus unaddressed for a long
time.

If mantis were anyhow important I would agree to still keep it, but given
that it's a package with no significant user base (40 installed in popcon,
probably less in production) it's just not worth the effort.

Cheers,
        Moritz

----- End forwarded message -----

--
dann frazier