On Mon, Mar 05, 2007 at 01:30:09AM -0800, Steve Langasek wrote:
> On Sun, Mar 04, 2007 at 01:07:14PM +0100, Martin Zobel-Helas wrote:
>
> > On Sat Mar 03, 2007 at 21:15:33 +0100, Moritz Muehlenhoff wrote:
> > > Package: wordpress
> > > Severity: serious
>
> > > On behalf of the Security Team I'm requesting the removal of Wordpress
> > > from Etch. There's a steady flow of security issues being found in
> > > Wordpress and we don't believe it's sanely maintainable over the
> > > course of 30-36 months. (Etch life-time)
>
> > I can understand jmm from the security side of view. Looking at the
> > popcon count and the overall popularity of wordpress at all, i don't
> > share his opinion.
>
> Yes, wordpress is popular; but
>
> - Debian is not the only source for software in the world (I know, shocking,
> right? :), so not including it in etch doesn't mean users can't have it;
> - just because software is popular doesn't mean we should lower our
> standards of quality to include it in a stable release -- users depend on
> us to *support* whatever we ship in stable, so if we don't think we can
> support it, we should avoid giving them that impression in the first
> place;
> - the state of the art in packaging for web apps is not exactly stellar, so
> in many cases users are arguably better off /not/ using these apps in
> packaged form.
Well put. Also:
- No other GNU/Linux distribution ships Wordpress except Gentoo (who only
release new upstream versions, we could do the same through volatile)
- Not shipping wordpress is not a regression as it was never part of stable
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
