Re: security in testing
On Wed, May 14, 2003 at 10:07:16AM +0300, Chris Leishman wrote:
> Actually - I didn't suggest this. I suggested there should be some
> consensus on what to do about security problems in testing - my main
> suggestion is that packages should be simply removed and the user
> notified of what actions they can do to get it back (such as upgrading
> to an unstable version, downgrading to a stable version, or fixing the

This isn't possible in general; when mysql has a security problem
you can't just tell people to (a) not use it, or (b) just run the
unstable/stable version anyway, in spite of whatever reasons they based
their decision to use testing on in the first place.

We already know the right way of dealing with security bugs; we do it for
our stable releases. If you care about security and testing, all you have
to do is the same thing that's being done there. It's really that simple.

Anthony Towns <firstname.lastname@example.org> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``Dear Anthony Towns: [...] Congratulations --
you are now certified as a Red Hat Certified Engineer!''