[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Security updates from BPO (was: Good practise for using etch-backports when lenny is released)


Just *my* opinion...

Alexander Wirt wrote:
> Emmanuel Kasper schrieb am Mittwoch, den 15. Oktober 2008:
> > [...]
> > From what I understand in this mail
> > http://lists.debian.org/debian-isp/2008/09/msg00046.html
> > if I keep etch-backports in my sources.list after Lenny is released, I  
> > may get packages backported from Squeeze, which may break a later  
> > etch2lenny upgrade
> Yes thats true. But since there is no automatic installation of updates from
> etch-bpo there should be no problem (only if you use that stupid pinning
> mechanism, but that is your problem), so you just have to check the version
> before you install or upgrade anything from bpo. 

... a little bit upset by your comment ....

IIRC BPO started with automatic updates of installed packages and there
was no discussion about changing this behaviour, right? Maybe I just
missed this discussion, so if there was one please give my a hint.

I'm *really* interested how many people out there put backports.org in
their sources.list and are running vulnerable versions because of *NOT*
getting "security updates" from BPO.

Yes, I know that people who are using BPO *should* read this mailing
list but I don't think 5% or more are doing so... So from a BPO user
point of view this isn't really what he/she expects.




Leukämie     -> http://de.wikipedia.org/wiki/Leuk%C3%A4mie
Heilung      -> http://de.wikipedia.org/wiki/Knochenmark#Knochenmarkspende
Typisierung  -> http://www.knochenmarkspende.de/html/reg_akb.php
Warum&Fragen -> sven@velt.de

Reply to: