Web lists-archives.com

binutils security support (Re: fixing debian-security-support upgrades from stretch (for good))




On Mon, May 13, 2019 at 02:17:46PM +0200, Marco d'Itri wrote:
> I strongly object to adding this package, and its dependency 
> gettext-base, to the transitive essential set.

I'll respond to this in a moment. (I agree but it just takes a bit
longer to respond to this.)

> I tried installing it (I had never heard of it before) and I see that it 
> immediately complains about the version of binutils currently in 
> unstable, so I also have serious doubts about the usefulness of 
> a security tool which will always report an alarm.

well, binutils *is* not covered by Debian's security support, and I
do agree that this is useful information this tool should provide.

https://salsa.debian.org/debian/debian-security-support/commit/039d2470d28e858bb29c3f9f0cde8e61e1936719

(and yes, I also agree this is quite a desaster, just like
kde4libs/khtml only is suitable for trusted content, which IOW means,
one should not use konqueror or kmail on the interweb.)


-- 
tschau,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Attachment: signature.asc
Description: PGP signature