Re: [SECURITY] [DSA 1017-1] New Linux kernel 2.6.8 packages fix several vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1017-1] New Linux kernel 2.6.8 packages fix several vulnerabilities
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 5 Apr 2006 10:50:22 +0200
Message-id: <[🔎] slrne3716e.9rc.jmm@inutil.org>
References: <slrne2af1n.6vh.jmm@inutil.org> <44255B1D.5030003@rcn.com>

Ralph Katz wrote:
>> It's mandatory to subscribe to debian-security-announce if you install
>> security updates. While most upgrades can run unattended there will always
>> be corner cases, that require special attention of the local admin installing
>> the update. A kernel update with an ABI bump is such a corner case.
>>
>
> Mandatory?!  Then isn't it a bug in the debian installation process to
> not mention this?

It might work automatically for >95% of all cases, but might cause breakage
for the remainders, so it's very much recommended.

> How can we advise users (like me) to add  security.debian.org to
> /etc/apt/sources.list and not mention the mandatory
> debian-security-announce subscription?
>
> I'm sure many debian users and sys admins will miss this upgrade by not
> knowing such subscription is required.

Please ask the documentors to add this information, where it's missing.

Cheers,
        Moritz

Reply to:

Prev by Date: Re: OpenSSL vs. GnuTLS in Exim
Next by Date: Re: Sparc 2.4 Sarge kernel metapackages have not been updated by DSA 1018-1
Previous by thread: Checking PGP signature for DSA from M Muehlenhoff
Next by thread: Re: Sparc 2.4 Sarge kernel metapackages have not been updated by DSA 1018-1
Index(es):
- Date
- Thread