Re: Security updates without DSA?
Martin Schulze <joey@infodrom.org> writes:
> Olaf Meeuwissen wrote:
> > Olaf Meeuwissen <olaf@epkowa.co.jp> (that's me!) writes:
> >
> > > Dear .debs,
> > >
> > > I recently wanted to apply security updates to a machine I'd installed
> > > from woody pre6 CDs, hardened and upgraded to woody proper. [...]
> > >
> > > Before applying the upgrades I checked whether there was a DSA for the
> > > packages that were going to be upgraded. Surprise, there were several
> > > that did not (seem to) have a corresponding DSA.
> > >
> > > Question: Is that normal and OK?
>
> Yes. During the deep freeze of woody the security infrastructure was
> implemented. Security updates were added to woody before it was released
> without issuing a DSA for each and every package.
As mentioned in another mail to the debian-security list, this is true
for the fetchmail-ssl package, but *not* for the kdenetwork packages.
The security upgrades are not the packages that were in woody when it
got released.
--
Olaf Meeuwissen EPSON KOWA Corporation, ECS
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
LPIC-2 -- I hack, therefore I am -- BOFH
Reply to: