
Re: not later than in testing



Sylvain Beucler wrote on Wednesday, May 9, 2007:

> On Wed, May 09, 2007 at 10:32:37AM +0200, Alexander Wirt wrote:
> > Keith Edmunds wrote on Wednesday, May 9, 2007:
> > 
> > > On Wed, 9 May 2007 09:49:46 +0200
> > > Alexander Wirt <formorer@formorer.de> wrote:
> > > 
> > > > we
> > > > also decided to allow versions from lenny into sarge-bpo, otherwise it
> > > > would be pretty useless.
> > > 
> > > I disagree that it would be 'useless'.
> > > 
> > > Could someone who supports the idea of post-Etch packages being present in
> > > sarge-backports please explain how to upgrade a system (that contains such
> > > packages) to etch?
> > As I said before: stop using them now.
> 
> But, as pointed out by somebody else, it's not possible to switch all the
> machines one administers overnight. Stop using them now would mean no
> security until sarge+bpo machines are upgraded to etch.
There never was any real security support for bpo, just the promise to
install fixed versions if they are available (this is different from stable
where fixes get backported).
With our few people this would be too hard to do. 
> So afaics users essentially have to choose between hasty upgrades, lack
> of security, or lack of clean upgrade path.
The alternative would be to shut down sarge-bpo except for backported
packages of etch-security. But that's also not what some people want. (We also
don't want this). 

> 
> Maybe I'm missing a 4th way though.
Stop using sarge-bpo now and recompile any security fix coming to
etch-security would be an alternative. 

Alex
