Bug#575575: Fwd: Bug#575575: Should in-source timidity be disabled?

Manuel A. Fernandez Montecelo manuel.montezelo at gmail.com
Wed Dec 28 19:50:45 UTC 2011


forwarded 575575 http://bugzilla.libsdl.org/show_bug.cgi?id=1352
tags  575575 +upstream
stop

I just forwarded this bug for upstream consideration.

Regarding the question to have timidity enabled:

2011/12/4 Matthew W. Miller <mwmiller at columbus.rr.com>:
> I don't know
> about any security holes in the old version of timidity, though -- are
> there any security alerts posted anywhere?

Not especially, but including third party software in Debian packages
is highly discouraged.  The security team (and not only) might have to
mend dozens of unrelated packages when a vulnerability becomes known.
Maybe this is the only package using timidity, I don't know, but
still... far from a desirable practice.

I'll leave it enabled for the time being, though.

Regards and thanks.





More information about the Pkg-sdl-maintainers mailing list