On Wednesday, May 14, 2003, at 11:22 AM, Anthony Towns wrote: <snip>
This isn't possible in general; when mysql has a security problem you can't just tell people to (a) not use it, or (b) just run the unstable/stable version anyway, in spite of whatever reasons they based their decision to use testing on in the first place.
I'm not sure I see why not. It is testing after all - packages are not required to be functional and people running testing are happy to deal with that situation. And I think its much better than having mysql installed with a security problem and not knowing about it.
We already know the right way of dealing with security bugs; we do it for our stable releases. If you care about security and testing, all you have to do is the same thing that's being done there. It's really that simple.
I care about security in testing, and I believe others do too. But I don't think the process should be the same as with stable releases. Testing should not become another psudo stable distribution....it's for testing. So I don't think security management needs to be anywhere near as comprehensive.
*shrug* But maybe I'm wrong and it's just me who likes to run testing (to help out with 'testing' the distribution) but doesn't really like the idea of having to deal with known remote security problems. Maybe nobody else cares and I should just shut up ;-)
Regards, Chris
Attachment:
PGP.sig
Description: This is a digitally signed message part