[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)

On Sun, Apr 06, 2003 at 03:02:30PM +0200, No?l K?the wrote:
> Then we could remove the potato, woody, sarge tags and close all bugs
> with these tags because the problems are fixed in sid. Why do we have
> the tags?

Read the next paragraph.

> > Security bugs are special in that we do make fixes available for stable.
> > However, there is no point in keeping bugs open against he package in
> > question after the fix has been made available in proposed-updates or
> > security-updates.
> proposed-updates isn't covered by security and because of this it
> shouldn't by used by end-users.
> Your fixed packages aren't available for the end-user of Debian! DFSG 4

That is something which only the Security Team or the Stable Release
Manager can address.
> > The reason is that the maintainer has no further part to play (unless
> > otherwise requested by the Security Team or the Release Manager).  If
> > the Security Team or the Release Manager wishes to keep tabs on these
> > things, it would be easy to create a pseudo package where these bugs
> > can congregate.
> Why split woody security bugs away from the package? The security tag is
> enough for this.

Because the bug is already fixed in the package.  What work is left
can only be done by a select number of people.
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to: