On Sun, Mar 04, 2007 at 01:07:14PM +0100, Martin Zobel-Helas wrote: > On Sat Mar 03, 2007 at 21:15:33 +0100, Moritz Muehlenhoff wrote: > > Package: wordpress > > Severity: serious
> > On behalf of the Security Team I'm requesting the removal of Wordpress > > from Etch. There's a steady flow of security issues being found in > > Wordpress and we don't believe it's sanely maintainable over the > > course of 30-36 months. (Etch life-time) > I can understand jmm from the security side of view. Looking at the > popcon count and the overall popularity of wordpress at all, i don't > share his opinion. Yes, wordpress is popular; but - Debian is not the only source for software in the world (I know, shocking, right? :), so not including it in etch doesn't mean users can't have it; - just because software is popular doesn't mean we should lower our standards of quality to include it in a stable release -- users depend on us to *support* whatever we ship in stable, so if we don't think we can support it, we should avoid giving them that impression in the first place; - the state of the art in packaging for web apps is not exactly stellar, so in many cases users are arguably better off /not/ using these apps in packaged form. More persuasive to me than a popcon count would be evidence that wordpress is not going to cause a disproportionate burden on the security team, and/or that security support for wordpress isn't going to suffer substantially because it's given a lower priority by the security team. So presently, I still don't see any reason to override the security team's position if they believe this package is not supportable over the lifetime of a stable release. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
