Package: ftp.debian.org
Severity: normal
Please remove bugzilla. It has open security issues allowing account
compromise (#611176) and the package is very hard to support without
maintainer support (which is non-existing, last upload dates back
nine months), since it's very difficult to test and the packaging
is non-standard (several scripts are being run at build time which
modify the sources in an awkward way).
Plus, Debian has been - rightfully - blamed by upstream in a posting
at Planet Mozilla that Debian provides poor security support for
Bugzilla. Right now people are better off using an upstream tarball.
The security team will fix the open issues for oldstable/stable, but
we should remove it from the archive for unstable/testing.
Bugzilla should only reenter the archive if >= two maintainers commit
to its maintenance.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
