Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)[was: Re: Bug#176178 acknowledged by developer (do not reopen)]

Mark Brown <broonie@sirena.org.uk> wrote:
> On Sun, Apr 06, 2003 at 10:22:56PM +1000, Herbert Xu wrote:
>> Security bugs are special in that we do make fixes available for stable.
>> However, there is no point in keeping bugs open against the package in
>> question after the fix has been made available in proposed-updates or
>> security-updates.
> Putting the fix into proposed-updates doesn't seem like enough - unlike
> security-updates we don't recommend that users install packages from
> there as a matter of course and there's no guarantee that the package
> will make it into stable.

Agreed.  However, what I'm saying is that having a bug open against
the package in question is not the best way of getting the fixed package
made available.

Some may argue that this helps the user to see what the status is.  But
surely the user can just look at the www.debian.org home page and find
all the DSAs in one place.

This is especially true for the kernel packages because there are multiple
source packages.  So users often miss the bugs even when they are open.
IMHO we should have pseudo packages in the BTS for the Security Team or
the Stable Release Manager to use.