[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)

Anthony Towns wrote:
> > What I'm wondering is if there is some prodedure we can put in place to
> > facilitate the security team in making announcements of security fixes.
> Isn't this essentially the point of setting urgency to "high" in
> debian/changelog?

Well, your idea of looking at, and consistently using urgency=high for
security updates would make it eaiser for the team to find them. But
that's only the first step -- they have to generate an advisory, and for
that they have to know what versions the security hole was in, how
severe it is, and a general description of it. That's why I thought a
template listing those items might be a good idea.

(I've also used urgengy=high for updates that fixed very important
but non-security-related things.)

see shy jo

Reply to: