[Pkg-mozext-maintainers] Bug#842939: Handling of "malware" in Debian
Jonathan Wiltshire
jmw at debian.org
Wed Nov 9 22:54:27 UTC 2016
On 2016-11-09 18:44, Holger Levsen wrote:
> On Wed, Nov 09, 2016 at 07:14:45PM +0100, W. Martin Borgert wrote:
>> If users of testing or unstable have the malware installed now and
>> the package gets removed from the archive, users are left with the
>> malware, right?
>
> yes
>
>> That's why I thought about uploading an empty package to unstable,
>
> yes, of course.
Whilst that's in progress, let's at least limit damage through new
installations:
jmw at respighi:~$ head -n 3 hints/jmw
# 20161109
# #842939 damage limitation
remove wot/20151208-2
A 'fixed' package can still migrate later.
>> it should be released with stretch, but can be safely removed later.
>
> i'm not sure about the releasing with stretch part. Maybe it would be
> better to have the updated, empty package in stretch in 5plusX days and
> then remove it before the release, say on January 1st.
Let's not actually release it, but a leaf package like this is trivially
removed again.
(Strictly speaking use of Stretch is still 'at own risk' and
unsupported, so this is overkill, but it's small effort to be nice.)
--
Jonathan Wiltshire jmw at debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
<directhex> i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits
More information about the Pkg-mozext-maintainers
mailing list