Re: The harden-*flaws packages.
Daniel Martin <firstname.lastname@example.org> writes:
> Martin Schulze <email@example.com> writes:
> Hrm. The more I think about this the more I wonder if maybe the
> harden-*flaws packages make much sense in stable at all. If someone
> is apt-get'ing from security.debian.org, they're already replacing
> vulnerable versions with fixed ones. If someone is updating from a
> point release CD, the same thing applies. The only case where I can
> see it making sense is with someone following testing with most of
> their packages on hold (they really want a stable system, and only
> upgrade a package when they need to). Am I missing a scenario?
They should have stable as their distribution with highest priority
for apt. That includes security for stable.
On top of that the few packages they want more current can be
installed from woody or sid. No need to keep everything else on hold,
making stable first priority for apt should be enough.
And then they would get security updates.