On Fri, Aug 27, 2010 at 12:01:37AM -0400, Michael Gilbert wrote:
> The lenny webkit package has an insurmountable number of security
> vulnerabilities [0]. The version included there was of an experimental
> nature, and the only front end available is the builtin GtkLauncher
> app, which isn't very functional itself and is likely used by no one.
> There are no reverse dependencies.
>
> Please remove the package for the upcoming lenny point release. I've
> brought this up with the security team and webkit maintainers [1],[2],
> and there has so far been no objection. However, I also didn't get
> any responses either way. You may want to try to touch base with
> either/both teams directly.
>
> I think removal is the only supportable course of action.

The secure-testing list is inappropriate to ask the security team about a package in Lenny. Please use the appropriate contact and get them to reply.

Some CVEs are listed as "minor issue - no DSA", so it wouldn't be valid to remove it for that. (Sadly it seems that there's no overview to list a package's vulnerabilities in Lenny at a glance?)

Kind regards,
Philipp Kern