[Mailman-Users] a few questions about the NNTP gateway

Manlio Perillo manlio_perillo at libero.it
Tue Aug 7 16:20:58 CEST 2007

Barry Finkel ha scritto:
> Brad Knowles wrote in reply to a posting:
>> And I'm not at all convinced that "security problems are not a 
>> problem, with Debian" or any other OS, for that matter.  Especially 
>> not with an old binary package that is based on old code that is 
>> known to have security flaws.
> When I was comparing the sources for Ubuntu/Debian Mailman 2.1.5
> against the SourceForge 2.1.9 source, I had to check the three
> security patches in 2.1.9.  Two of the patches matched; one was
> completely different (different code in a different module).
> I do not have enough knowledge of the internals of Mailman to be
> able to determine if this third patch resolved the security
> problem.  I ended up building my own Ubuntu package from the 2.1.9
> SourceForge source, in the process eliminating almost all of the
> Debian/Ubuntu patches.  The patches were, for the most part,
> undocumented, so I had no idea exactly what they did.  Nor did I know
> if they would fit into the 2.1.9 source, as some of the patches were
> based on pre-2.1.5 code.

This was unexpected!
Do you have opened a bug report?

However the life of a Debian package maintainer is not easy.
It should maintain a package to a stable version for 1-2 years.

Regards  Manlio Perillo

More information about the Mailman-Users mailing list