Hi,
* Michael S. Gilbert <michael.s.gilbert at gmail.com> [2009-08-04
18:37]:> On Tue, 04 Aug 2009 12:57:07 +0200, Giuseppe Iuculano wrote:
> > How we should track them?
> >
> > Maintainer closed #538240 because users must update the Adobe Flash
Player with:
> > update-flashplugin-nonfree --install
>
> i''d say add issues/CVEs to the tracker for users''
awareness, but don''t
> spend time actively working them. users should understand the can of
> worms that flash is.
>
> maybe there should be an announcement similar to iceweasel in etch
> indicating lack of security support for flash?
We are currently discussing internally how to handle such
situations. We are not yet sure if we want to send out a DSA
for something like that. Those packages aren''t supported by
the security team still it would be nice to somehow reflect
an update to the users. At the moment we lack of an idea on
how to do that in a sane way.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20090804/92bc86ef/attachment.pgp>