Users, DDs and I don't agree with Moritz's decision here. Hence I've reassigned the bug to the Debian Technical Committee for hopefully a quick ruling.
I tried to resolve the problem again last night, you can read the IRC log below. Moritz believes that Wordpress shouldn't be in etch as it is too vulnerable to security issues and will prove a burden for Debian security team. Wordpress might be more vulnerable that some other packages due to PHP and its high use. Though it has excellent committed support from upstream who currently maintain a stable security 2.0.x branch for Debian until 2010. So these security issues, if any, will pose little burden on Debian's security team. Have a nice day :) --- Log opened Tue Mar 06 22:51:32 2007 22:51 -!- hendry [EMAIL PROTECTED] has joined #debian-security 22:51 -!- Irssi: #debian-security: Total of 30 nicks [0 ops, 0 halfops, 0 voices, 30 normal] 22:51 -!- Irssi: Join to #debian-security was synced in 2 secs 22:52 < hendry> jmm_: is it just your decision on #413269 or debian-security make a collective decision? 22:52 < jmm_> hendry: security team 22:55 < hendry> i don't like this decision. 22:55 < hendry> gentoo is a bad argument 22:55 < zobel> jmm_: which i still oppose.. 22:55 < zobel> with the fact you gave, we could also remove php from etch 22:56 < zobel> looking at the security bugs there are currently around. 22:56 < hendry> jmm_: who else said wordpress shouldn't be in etch? 22:57 < jmm_> hendry: I asked around and noone stepped forward in favour of it 22:58 < hendry> how about asking who opposes it? 22:59 < hendry> moritz, a lot of people want this package 22:59 < hendry> so far all I can see is you opposing it 23:00 < jmm_> hendry: re-read what I wrote about the bug picture 23:00 < jmm_> hendry: s/bug/big 23:00 < hendry> i read it 23:01 < hendry> there is little/no work by the security team to be done. did you read upstream's commitment? 23:03 < jmm_> it's still a significant overhead 23:04 < jmm_> I'm unwilling to discuss over and over again, I have work to do 23:04 < jmm_> unless you convince some other security team member for a clear commitment to support, we can't support it 23:04 < zobel> jmm_: i will now ask for the removal of php in etch! php is much worse maintained than wordpress! 23:05 < jmm_> zobel: bullshit, php is excellently maintained 23:05 -!- faw [EMAIL PROTECTED] has quit [Quit: Leaving] 23:05 < zobel> so?! it took only 2 month lately to get security patches applied by their maintaiers. 23:07 < jmm_> current php update is ready and only waiting for an m68k build 23:08 < hendry> well, I think will ask ctte for a decision on this too 23:08 < hendry> i don't want to spend any more time on this either 23:09 < zobel> jmm_: you should better work on links2. the security team currently seems not to be able to support this simple package on all architectures... 23:10 < jmm_> zobel: you need to discuss this with skx 23:11 < zobel> jmm_: [EMAIL PROTECTED] is primary point of contact for me. and i won't do any further work on that. 23:19 < hendry> ok nn peopl --- Log closed Tue Mar 06 23:19:12 2007
signature.asc
Description: Digital signature
