[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Freeze Please?



On Fri, Feb 07, 2003 at 02:10:15PM +1000, Anthony Towns wrote:
> 	* That anyone would bother maintaining security updates for
> 	  testing.

In particular, security updates have _always_ needed to be done
out-of-band, even way back in the day:

] 3.1 Uploading a package
] 	...in order to fix a release-critical bug in prerelease	      
] 
] The only time when the above, overly cautious, procedure is not
] workable, is when a package needs to be rushed into prerelease. This
] is exactly when a release-critical bug is being fixed (whether there
] be a bug report on it or no).
] 
] The correct procedure to follow in this case, should be that the
] package is uploaded to "prerelease" with urgency=medium or high.
] 
] At this point the release group should be automatically informed that
] the update is available, and presuming that it hasn't been uploaded to
] prerelease by mistake, install it into prerlease ASAP. 
] 
] If the release-critical fixes involved security fixes, then once the
] package is installed, a mail should be sent to the -security-announce
] list describing the problem, and similar information should be added
] to the web site.

 -- http://lists.debian.org/debian-devel/1998/debian-devel-199808/msg00002.html

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
        you are now certified as a Red Hat Certified Engineer!''

Attachment: pgpHRY74LB1Jy.pgp
Description: PGP signature


Reply to: