handling open security problems in woody with the BTS (here: the kernel)[was: Re: Bug#176178 acknowledged by developer (do not reopen)]
On Sun, 2003-04-06 at 12:48, Debian Bug Tracking System wrote:
> Do not reopen these bugs.
doesn't make sense when you (Herbert) closes the bug and I reopen it.
Lets discuss this on debian-devel@ and maybe others will let us know how
to handle this really correctly.
the short story:
I reported 2 public known security problems of the kernel to the BTS (
#176178, #181896). Herbert (the maintainer) closed the bug when the he
uploaded the fixed packages to unstable and proposed-updates.
Because a Debian woody user still have no fixed packages available this
bug should still left open until it is fixed in woody. Its just the same
handling like the current glibc security problem in #185508.
I know the maintainer cannot do anything and have to wait for a DSA or
for the next 3.0rX Debian version where the stable release manager will
add a fixing package to Debian but these are the only possible ways how
to fix a woody taged bug.
Closing these bugs shows "this bug is fixed in woody" which is not
correct so they should left open.
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org