Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)

To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)
From: Noèl Köthe <noel@debian.org>
Date: 06 Apr 2003 15:02:30 +0200
Message-id: <[🔎] 1049634149.15319.136.camel@p4.domain.lan>
Reply-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030406122256.GA20451@gondor.apana.org.au>
References: <20030406101003.GB16611@gondor.apana.org.au> <20030110204423.4CBBD1F03@controller.domain.lan> <handler.176178.D176178.104962549419200.notifdone@bugs.debian.org> <[🔎] 1049628312.15320.98.camel@p4.domain.lan> <[🔎] 20030406122256.GA20451@gondor.apana.org.au>

On Sun, 2003-04-06 at 14:22, Herbert Xu wrote:

> > Closing these bugs shows "this bug is fixed in woody" which is not
> > correct so they should left open.
> 
> In general, bugs are closed when the fixed packages hit unstable since
> we don't usually fix bugs in stable.

Then we could remove the potato, woody, sarge tags and close all bugs
with these tags because the problems are fixed in sid. Why do we have
the tags?

> Security bugs are special in that we do make fixes available for stable.
> However, there is no point in keeping bugs open against he package in
> question after the fix has been made available in proposed-updates or
> security-updates.

proposed-updates isn't covered by security and because of this it
shouldn't by used by end-users.
Your fixed packages aren't available for the end-user of Debian! DFSG 4
This is why I want to want to let the bug open and close it when its
available for the people who are using Debian.

> The reason is that the maintainer has no further part to play (unless
> otherwise requested by the Security Team or the Release Manager).  If
> the Security Team or the Release Manager wishes to keep tabs on these
> things, it would be easy to create a pseudo package where these bugs
> can congregate.

Why split woody security bugs away from the package? The security tag is
enough for this.

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org

Reply to:

Follow-Ups:
- Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)
  - From: Herbert Xu <herbert@gondor.apana.org.au>

References:
- handling open security problems in woody with the BTS (here: the kernel)[was: Re: Bug#176178 acknowledged by developer (do not reopen)]
  - From: Noèl Köthe <noel@debian.org>
- Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)[was: Re: Bug#176178 acknowledged by developer (do not reopen)]
  - From: Herbert Xu <herbert@gondor.apana.org.au>

Prev by Date: Re: Familiar packages
Next by Date: Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)[was: Re: Bug#176178 acknowledged by developer (do not reopen)]
Previous by thread: Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)[was: Re: Bug#176178 acknowledged by developer (do not reopen)]
Next by thread: Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)
Index(es):
- Date
- Thread