The harden-*flaws packages.
Hi
I'm the maintainer of the harden-*flaws packages. The idea is to
have conflicts with packages that are known to have security holes.
This is not a big problem for unstable (and mostly for testing)
but now woody have become stable.
So I now ask you what you think. Should I upload updated conflicts
for woody or should I just let it be as is (the packages are
then quite useless in woody). Or should I upload new ones. With
which priority and for what distribution name? "woody-proposed-updates",
"woody", "woody-security-updates" or what?
It would be great if this could be updated along with new
DSA:s being released (yes I can hopefully help with this) but it
also means that I have to move the CVS for the package (and
possibly split it to a flaw-related and a non-flaw-related source
package.
I have prepared new harden packages (for woody, the sid ones is of course
already uploaded) with a updated conflict list (mostly based on the DSA:s)
that I could upload anytime. But first I have to ask if this is ok.
The woody version differs some from the unstable version because of the
fact that different versions is applicable and different version was
fixed.
Regards,
// Ola
--
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Björnkärrsgatan 5 A.11 \
| opal@lysator.liu.se 584 36 LINKÖPING |
| +46 (0)13-17 69 83 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: