
Re: errata page



Quoting Wichert Akkerman (wakkerma@debian.org):
> Previously James A. Treacy wrote:
> > Because no one sent them to the webmaster. I'm not sure whose
> > responsibility it is to do this. Anyway, if a short statement of
> > the problem and the fix are sent to either webmaster@debian.org
> > or debian-www@lists.debian.org it will be added.
> 
> That's not true. There is a webmaster-security@debian.org alias to which
> I sent the tcsh announcement. I have to admit I forgot to do that for
> the bash announcement. If I remember J.D. Thomlinson is responsible for
> handling the security pages. Unfortunately he seems to be missing in
> action at the moment. If you want us to use webmaster@debian.org instead
> please say so.

Hmm. It looks like the latest thing on the security page is dated March
31, 1998. Also, I'm not sure that the page is particularly easy to use
(e.g., it would be nice if there were clickable links to the new
packages.) Is it safe to say that there won't be further security
updates for older versions (rex, bo)? If so, why not use a format like
that on the redhat:
	Package name
	Date
	Description
	Link to update

Then, there should probably be a link to the security page from the
errata page. I like the idea of keeping them separate, but redhat users
are going to look at the errata page for security fixes. It might also
be nice to have a larger link from the front page to the security
page--right now you really have to hunt for it, as it's off to the side
in fine print. If I didn't miss any, the packages with announcements
since the 2.0 release are:
	hylafax -- new version 4.0.2-5, in r1
	cfingerd -- 1.3.2-11.0, in r1
	mutt -- 0.91.2-2, in r1
	ncurses3.4-dev -- 1.9.9g-8.9.1 (security update only mentions
		dev package, but shouldn't ncurses3.4 be updated too?)
		Superseded by 1.9.9g-8.10?
	eperl -- 2.2.14-0.2, in r1
	lpr -- hamm unaffected
	inn -- default config not vulnerable
	apache -- 1.3.0-5, in r1
	bsdgames -- 2.1-3hamm1, in r1
	seyon -- default config not vulnerable
	minicom -- default config not vulnerable
	netstd -- 3.07-2hamm.1
	bind -- 8.1.2-3
	bash -- 2.01.1-4
	tcsh -- 6.07.06-5

I'd assume that packages updated in r1 should have that info noted, but
the announcement and link should stick around for people still running
the original release.

If no one else wants to do all this, I could keep the page up to date
and mail it to webmaster for posting.

Mike Stone
