Security updates from BPO (was: Good practise for using etch-backports when lenny is released)
Hi!
Just *my* opinion...
Alexander Wirt wrote:
>
> Emmanuel Kasper schrieb am Mittwoch, den 15. Oktober 2008:
>
> > [...]
> > From what I understand in this mail
> > http://lists.debian.org/debian-isp/2008/09/msg00046.html
> > if I keep etch-backports in my sources.list after Lenny is released, I
> > may get packages backported from Squeeze, which may break a later
> > etch2lenny upgrade
> Yes thats true. But since there is no automatic installation of updates from
> etch-bpo there should be no problem (only if you use that stupid pinning
^^^^^^^^^^^^^^^^^^^^^^!!!!!!^^^^^^^^
> mechanism, but that is your problem), so you just have to check the version
^^^^^^^^^^^^^^^^^^^^^^^!!!!!!!!!!!!^
> before you install or upgrade anything from bpo.
... a little bit upset by your comment ....
IIRC BPO started with automatic updates of installed packages and there
was no discussion about changing this behaviour, right? Maybe I just
missed this discussion, so if there was one please give my a hint.
I'm *really* interested how many people out there put backports.org in
their sources.list and are running vulnerable versions because of *NOT*
getting "security updates" from BPO.
Yes, I know that people who are using BPO *should* read this mailing
list but I don't think 5% or more are doing so... So from a BPO user
point of view this isn't really what he/she expects.
IMHO. YMMV.
bye
Sven
--
Leukämie -> http://de.wikipedia.org/wiki/Leuk%C3%A4mie
Heilung -> http://de.wikipedia.org/wiki/Knochenmark#Knochenmarkspende
Typisierung -> http://www.knochenmarkspende.de/html/reg_akb.php
Warum&Fragen -> sven@velt.de
Reply to: