[Pkg-monitoring-maintainers] Bug#702775: Bug#702775: ganglia: limiting security support

Daniel Pocock daniel at pocock.com.au
Tue May 28 08:12:39 UTC 2013


On 28/05/13 09:53, Raphael Geissert wrote:
> Hi Daniel,
>
>
> Although limiting security support is not something that the team
> usually does, Ganglia is not the first package for which this decision
> has been made.
> It is done after a review of the package and its intended use.
>
> If you would like to help change the status, please consider reviewing
> the code, implement standard web security measures and make sure the
> expected use and its requirements are considered also by upstream and
> continued during the following releases.
>

Hi Raphael,

I don't want to question the security team's judgment in this case, I
just want to make sure I understand the situation before communicating
this upstream.

Personally, I can't commit to any wholesale refactoring of the Ganglia
web code and I don't know if any other upstream developer would make
that commitment.  However, I will ask for this to be tracked as an
upstream issue.

Instead of adding the README.Debian.security file proposed in the
earlier patch, I could add a README.security file upstream - the
security issue is not Debian-specific.  However, I will mention in that
file that the Debian security team were involved in analyzing the code
and include a reference to this bug.

Regards,

Daniel


