Re: Proposal for new Security subsection for non-US
On Sun, Jun 23, 2002 at 04:51:20PM -0400, Phillip Hofmeister wrote:
> > Well, still binary patching could be implemented (although, in a rather
> > osbscure way) using pre-install scripts which would patch the definition
> > files. However, this would require two packages providing the same
> > version of the definition files (a patch package and a complete
> > new-version package) and a whole lot of patch packages dangling around.
> > So I guess I am writing nonsense.
> Umm...silly thought...couldn't we have two packages. The binary then a lib
> (which the binary depends on) that would contain the defs, then just update
> the libs?
I think the problem is that as others have said, no package which is 10
minutes old should go into testing. Therefore packages in stable are
going to have to depend on packages in unstable. This can only happen
happily with pinning. Therefore I can't see any further problems.
snort exists in stable. Depends on package snort-definitions which *does
not* exist in stable but only exists in unstable. Pinning thus allows
the user to track stable as per normal, but for snort-definitions, it
If I've missed something obvious, please shout at me ;-)
So now we need a list of packages that are going to need individual
definition packages and to get going. I guess we really should have
another package (security-updater?) that updates sources.list with the
BOFH Excuse Board:
not properly grounded, please bury computer
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org