Dave Hall wrote:
> > Note also that there are concerns from the security team about this
> > package 
> 
> They have never raised any issues with the project via our security
> related email address - [EMAIL PROTECTED]  I am more than happy
> to discuss any concerns that they may have.

[ This is not the main reason why it was removed. It was removed
  because it was marked as unmaintained. Unmaintained packages
  which are known to cause security updates are rather maintained
  than kept ]

The main concern is mostly due to the way phpgroupware is packaged; it
embeds several components (fudforum, phpsysinfo, xmlrpc are what I
remember), which need to be fixed separately in several places
across our archive whenever a security problem is found. The PHP
world needs something which resembles shared libs, otherwise this
turns unmaintainable.

Something which you as upstream can do to help is to release isolated
patches for security problems. Packaging new upstream releases is not
an option for Debian (as it is not an option for RHEL or SLES either).

Cheers,
        Moritz


