On Fri, Feb 07, 2003 at 02:10:15PM +1000, Anthony Towns wrote: > * That anyone would bother maintaining security updates for > testing. In particular, security updates have _always_ needed to be done out-of-band, even way back in the day: ] 3.1 Uploading a package ] ...in order to fix a release-critical bug in prerelease ] ] The only time when the above, overly cautious, procedure is not ] workable, is when a package needs to be rushed into prerelease. This ] is exactly when a release-critical bug is being fixed (whether there ] be a bug report on it or no). ] ] The correct procedure to follow in this case, should be that the ] package is uploaded to "prerelease" with urgency=medium or high. ] ] At this point the release group should be automatically informed that ] the update is available, and presuming that it hasn't been uploaded to ] prerelease by mistake, install it into prerlease ASAP. ] ] If the release-critical fixes involved security fixes, then once the ] package is installed, a mail should be sent to the -security-announce ] list describing the problem, and similar information should be added ] to the web site. -- http://lists.debian.org/debian-devel/1998/debian-devel-199808/msg00002.html Cheers, aj -- Anthony Towns <email@example.com> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. ``Dear Anthony Towns: [...] Congratulations -- you are now certified as a Red Hat Certified Engineer!''
Description: PGP signature