Re: Security updates realized by new releases, case for backports?
On Thu, 03 Oct 2013 14:37:22 +0200
Paul van der Vlis <paul@vandervlis.nl> wrote:
> Hello,
>
> In some cases security updates for packages in main are realized by
> new releases, e.g. Iceweasel and Wordpress. Such packages can give
> problems, e.g. in Wordpress there are missing themes.
>
> In my opinion such packages should be added to backports and then
> declared "end of live" in main. I think it's common to take extra care
> with backports.
>
> Backports could be enabled by default in a new release, e.g. to have
> Iceweasel in a fresh install.
>
> What's your opinion?
>
> With regards,
> Paul van der Vlis.
>
>
>
>
>
Obviously, web browser and web applications are critical for security because they are exposed to eventual attacks. Hence, I agree they should not be updated to new upstream version but instead only backported with security patches. But with web browser situation is even more complicated because web sites are constantly using newer features, support for old browsers is dropped and old browser gradually become less and less usable. It is not the problem with Debian, but with relevant web sites, i.e their way of development, but we must provide people who need it new web browsers and I agree it should be via backports. But probably we could also provide some intermediary solution, e.g Konqueror backport that will not be newest, but newer than in stable?
--
It is not important what I am, it is important to what purpose do I serve, and my whole existance.
http://mr.flossdaily.org
Reply to: