[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#176178: handling open security problems in woody with the BTS (here: the kernel)

* Herbert Xu <herbert@gondor.apana.org.au> [2003-04-06 22:23]:
> On Sun, Apr 06, 2003 at 03:02:30PM +0200, No?l K?the wrote:
>> proposed-updates isn't covered by security and because of this it
>> shouldn't by used by end-users.
>> Your fixed packages aren't available for the end-user of Debian! DFSG 4
> That is something which only the Security Team or the Stable Release
> Manager can address.

 That's right.  Nevertheless the package in stable doesn't have the fix
for the problem.  It _is_ that simple.  It is correct that you can't fix
this problem yourself but just try to help, but still, the problem is in
the package.  The bug against your package isn't something personal,
don't take it personal.  It's no bug against you, it's one against a
package that you happen to maintain.

>> Why split woody security bugs away from the package? The security tag is
>> enough for this.
> Because the bug is already fixed in the package.  What work is left
> can only be done by a select number of people.

 They are _not_ fixed in the package.  The package to refer to here is
in woody, and that package is *not* fixed.  Yes, the work that is left
can only be done by a selected number of people, but still the problem
exists in that package.  You don't have to like it but that's the way it

 So long!
  _.o          o        o._   o            ,-----ooO--00--Ooo-----.     _(o)
  |/|\     ._\/|\/=_  _/|\|  /|\         ,'    Gerfried  Fuchs     `.   _(<)
  |(:[--=  -|='=.=||   /|   '{ [--=    ,'      <alfie@ist.org>       `.
  ! ||      |~|( )||   \ \   / /       ` http://alfie.ist.org/ascii/ -'

Attachment: pgpBBJGSD2_2p.pgp
Description: PGP signature

Reply to: