Package: denyhosts Version: 2.10-2 Severity: serious Tags: security Hi Jan-Pascal,
thank you for your interest in reviving denyhosts. Unfortunately, there are still unresolved issues with denyhosts that make it unfit for release. This bug is meant as a tracker bug and to prevent testing migration until all sub issues are properly tracked. * The denyhosts package is very similar to fail2ban. In particular, both contain a set of regular expressions for matching log files from daemons. These regular expressions are hard to get right. Thus the Debian security team wants to avoid supporting both tools. This argument is similar to how ffmpeg was blocked from jessie, because it was too similar to libav and had a difficult security profile. So until it is clear who will do the security support for denyhosts, denyhosts should stay out of testing. * Your upload reintroduces security bug #692229. * Due to the removal of denyhosts from Debian, the following bugs were closed by the ftp masters: #395565 #436417 #497485 #514024 #529089 #546772 #597956 #567209 #611756 #622697 #643031 #720130 #729322 #731963 Please evaluate which of them need to be reopened or failing that reopen all of them. Sorry for the bad news, but I believe that reincluding the current denyhosts package is a disservice to our users. Helmut
