Re: Bug fixes NOT getting from unstable into Woody...

[Brian May <bam@debian.org>]

On Sat, Mar 09, 2002 at 05:59:45PM -0500, Daniel Burrows wrote:
> > Maintainers cannot force their packages into testing.  It is possible to
> > reduce the waiting period to 2 days, provided that there are no other
> > hindrances, but this is a procedure to use for high urgency fixes, not
> > minor ones.
> 
>   Or to zero days; however, the package will still (AFAIK) wait until it
> is rebuilt on all architectures.

I think there should be some mailing list (like
debian-security-announce) that says what packages have security problems
in testing,unstable, and indicates what version of the package is needed
to fix the security problem (regardless of if the fix is yet in testing
or not).

That way, people who use testing can make up their own minds if a
security bug is serious enough to get it from unstable (or even
incomming) in order to avoid the risk.

True - this sort of information is available in debian-private,
but not everyone has access...

Or is this unfeasible for some reason?

I don't think so. All you need is to have the BTS system automatically
mail the security mailing list whenever a bug with the security tag is
closed...