[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: qpopper [was: what's up with security?]

On Mon, May 29, 2000 at 08:52:48PM +1000, Anand Kumria wrote:
> > is no annoucement but silently discussed on some -devel mailinglist and 
> > installed into the archive??
> As it should be. unstable == alpha; frozen == beta. Neither have been
> released.
> If the security flaw exists in a released version of Debian then
> we should be telling the world of our fix - otherwise they don't
> need to know.

Security announcements serve a few purposes:

	* tell users who never (or irregularly) upgrade to upgrade now
	* share the problem/fix with other distributors (or OEMs)
	* give everyone the impression that we're actually resolving issues

Pretty well all of these apply to frozen & unstable as well as to stable
(although perhaps they don't apply as well to Mandrake betas). Not everyone
running unstable has the bandwidth to upgrade everything every day.


Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.

  ``We reject: kings, presidents, and voting.
                 We believe in: rough consensus and working code.''
                                      -- Dave Clark

Attachment: pgpAROXvKJvCr.pgp
Description: PGP signature

Reply to: