Re: The harden-*flaws packages.

To: debian-devel@lists.debian.org
Cc: Ola Lundqvist <opal@debian.org>
Subject: Re: The harden-*flaws packages.
From: Ola Lundqvist <opal@debian.org>
Date: Thu, 29 Aug 2002 14:54:36 +0200
Message-id: <[🔎] 20020829125435.GA10867@chrystal.opal.dhs.org>
Mail-followup-to: Ola Lundqvist <opal@debian.org>, debian-devel@lists.debian.org
Reply-to: opal@debian.org
In-reply-to: <[🔎] 20020829123935.GB29144@riva.ucam.org>
References: <[🔎] 20020829123512.GA10477@chrystal.opal.dhs.org> <[🔎] 20020829123935.GB29144@riva.ucam.org>

Hi

On Thu, Aug 29, 2002 at 01:39:35PM +0100, Colin Watson wrote:
> On Thu, Aug 29, 2002 at 02:35:13PM +0200, Ola Lundqvist wrote:
> > I'm the maintainer of the harden-*flaws packages. The idea is to
> > have conflicts with packages that are known to have security holes.
> > This is not a big problem for unstable (and mostly for testing)
> > but now woody have become stable.
> > 
> > So I now ask you what you think. Should I upload updated conflicts
> > for woody or should I just let it be as is (the packages are
> > then quite useless in woody). Or should I upload new ones. With
> > which priority and for what distribution name? "woody-proposed-updates",
> > "woody", "woody-security-updates" or what?
> 
> I'm not honestly sure why it helps. Surely in order to see the new
> harden-*flaws packages, people will have to update, and at that point
> they will see the new packages anyway? I don't understand why somebody
> would upgrade harden-*flaws and not the security updates themselves. As

Well there is one reason why you could like this (and one of the reasons
why I wrote them) and that is if you have a own package repository
or a repository that is not a official site.

You do probably not want to upgrade everything (if you have such a system)
so to check with the *flaws package can be a good thing.

> far as I can tell, harden-*flaws is only useful for security holes for
> which no fix is available.

That is a reason too. I have almost never got any information about any
bug that is not fixed. It happens but is not very common.

But of course stable should remain stable and this kind of uploads
are not very critical (or?).

Regards,

// Ola

> -- 
> Colin Watson                                  [cjwatson@flatline.org.uk]
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------

Reply to:

References:
- The harden-*flaws packages.
  - From: Ola Lundqvist <opal@debian.org>
- Re: The harden-*flaws packages.
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: [Mark.Martinec@ijs.si: Re: perl 5.8 breaks amavis]
Next by Date: Re: Is lintian stalled? [Re: Is this still valid?]
Previous by thread: Re: The harden-*flaws packages.
Next by thread: Bug#158756: ITP: vmailmgr -- Powerful qmail addon package for virtual domain email.
Index(es):
- Date
- Thread