Re: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)

To: debian-devel@lists.debian.org, debian-www@lists.debian.org
Subject: Re: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)
From: Joey Hess <joeyh@debian.org>
Date: Mon, 29 May 2000 02:37:11 -0700
Message-id: <[🔎] 20000529023711.M6106@kitenet.net>
Mail-followup-to: debian-devel@lists.debian.org, debian-www@lists.debian.org
In-reply-to: <[🔎] 20000529182053.C32110@azure.humbug.org.au>; from aj@azure.humbug.org.au on Mon, May 29, 2000 at 06:20:53PM +1000
References: <[🔎] 20000528225633.L6106@kitenet.net> <[🔎] 20000529003101.C17839@kitenet.net> <[🔎] 20000529182053.C32110@azure.humbug.org.au>

Anthony Towns wrote:
> > What I'm wondering is if there is some prodedure we can put in place to
> > facilitate the security team in making announcements of security fixes.
> 
> Isn't this essentially the point of setting urgency to "high" in
> debian/changelog?

Well, your idea of looking at, and consistently using urgency=high for
security updates would make it eaiser for the team to find them. But
that's only the first step -- they have to generate an advisory, and for
that they have to know what versions the security hole was in, how
severe it is, and a general description of it. That's why I thought a
template listing those items might be a good idea.

(I've also used urgengy=high for updates that fixed very important
but non-security-related things.)

-- 
see shy jo

Reply to:

References:
- to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)
  - From: Joey Hess <joeyh@debian.org>
- Re: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)
  - From: Joey Hess <joeyh@debian.org>
- Re: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Re: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)
Next by Date: Re: Which kernels to keep?
Previous by thread: Re: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)
Next by thread: Re: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)
Index(es):
- Date
- Thread