Re: The harden-*flaws packages.

To: debian-devel@lists.debian.org
Cc: Ola Lundqvist <opal@debian.org>
Subject: Re: The harden-*flaws packages.
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 29 Aug 2002 13:39:35 +0100
Message-id: <[🔎] 20020829123935.GB29144@riva.ucam.org>
Mail-followup-to: debian-devel@lists.debian.org, Ola Lundqvist <opal@debian.org>
In-reply-to: <[🔎] 20020829123512.GA10477@chrystal.opal.dhs.org>
References: <[🔎] 20020829123512.GA10477@chrystal.opal.dhs.org>

On Thu, Aug 29, 2002 at 02:35:13PM +0200, Ola Lundqvist wrote:
> I'm the maintainer of the harden-*flaws packages. The idea is to
> have conflicts with packages that are known to have security holes.
> This is not a big problem for unstable (and mostly for testing)
> but now woody have become stable.
> 
> So I now ask you what you think. Should I upload updated conflicts
> for woody or should I just let it be as is (the packages are
> then quite useless in woody). Or should I upload new ones. With
> which priority and for what distribution name? "woody-proposed-updates",
> "woody", "woody-security-updates" or what?

I'm not honestly sure why it helps. Surely in order to see the new
harden-*flaws packages, people will have to update, and at that point
they will see the new packages anyway? I don't understand why somebody
would upgrade harden-*flaws and not the security updates themselves. As
far as I can tell, harden-*flaws is only useful for security holes for
which no fix is available.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

Follow-Ups:
- Re: The harden-*flaws packages.
  - From: Ola Lundqvist <opal@debian.org>

References:
- The harden-*flaws packages.
  - From: Ola Lundqvist <opal@debian.org>

Prev by Date: The harden-*flaws packages.
Next by Date: Re: [Mark.Martinec@ijs.si: Re: perl 5.8 breaks amavis]
Previous by thread: The harden-*flaws packages.
Next by thread: Re: The harden-*flaws packages.
Index(es):
- Date
- Thread