Re: testing vs stable (was Re: broadcom drivers debian (was RE: Debian Installer - Problems Partitioning))
I stutter:
> > It is my subjective experience that the security team is actually
> > pretty good about updating testing. For example the postgresql update
> > applied to both testing & stable.
Steve Langaek (post modern programer) writes:
> This would be very subjective indeed, because the
> security team does nothing to directly address
> security holes in testing.
If I were a diligent person, I'd look at this a bit more carefully (does
apt-get log???) , but here are a few random data points to muddy the
waters.
My various /etc/apt/sources.list files contain:
deb http://security.debian.org/ sarge/updates main contrib non-free
...and when I get a notice from the security list:
http://lists.debian.org/debian-security-announce/
the mentioned package is (always?) updated w/ a apt-get update/upgrade
It doesn't matter (much) to me if the package maintainer updates the
package or the security team. (However, I do seem to seem
"security.debian.org" flashing across the screen when I am updating
packages)
>From the security announcement list (which everyone should subscribe to):
[snip]
Package : gallery
Vulnerability : unauthenticated access
Problem-Type : remote
Debian-specific: no
[snip]
For the current stable distribution (woody), these problems have been
fixed in version 1.2.5-8woody2.
For the ****unstable**** distribution (sid), these problems have been
fixed in version 1.4.3-pl2-1.
Reply to: