[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)

On Sun, 2003-04-06 at 14:22, Herbert Xu wrote:

> > Closing these bugs shows "this bug is fixed in woody" which is not
> > correct so they should left open.
> In general, bugs are closed when the fixed packages hit unstable since
> we don't usually fix bugs in stable.

Then we could remove the potato, woody, sarge tags and close all bugs
with these tags because the problems are fixed in sid. Why do we have
the tags?

> Security bugs are special in that we do make fixes available for stable.
> However, there is no point in keeping bugs open against he package in
> question after the fix has been made available in proposed-updates or
> security-updates.

proposed-updates isn't covered by security and because of this it
shouldn't by used by end-users.
Your fixed packages aren't available for the end-user of Debian! DFSG 4
This is why I want to want to let the bug open and close it when its
available for the people who are using Debian.

> The reason is that the maintainer has no further part to play (unless
> otherwise requested by the Security Team or the Release Manager).  If
> the Security Team or the Release Manager wishes to keep tabs on these
> things, it would be easy to create a pseudo package where these bugs
> can congregate.

Why split woody security bugs away from the package? The security tag is
enough for this.

Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org

Reply to: