
Re: security in testing



Matt Zimmerman <mdz@debian.org> wrote:
> On Wed, May 14, 2003 at 10:07:16AM +0300, Chris Leishman wrote:
[vulnerable packages like samba are distributed in testing]
>> Actually - I didn't suggest this.  I suggested there should be some
>> consensus on what to do about security problems in testing - my main
>> suggestion is that packages should be simply removed and the user notified
>> of what actions they can do to get it back (such as upgrading to an
>> unstable version, downgrading to a stable version, or fixing the bugs).

> I think that users would react rather negatively to having packages (ones
> that they use) effectively disappear from their system, but the only way to
> be certain is to experiment with the process.  You can easily simulate this
> by providing dummy packages in a private repository.
[...]

... but be careful to include the conffiles of the real package in
the dummy-packages - otherwise you'll probably break dpkg-conffile
handling.
               cu andreas
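
The following is an added example, not part of the original message: a sketch of staging such a dummy package so that it still ships and declares the real package's conffiles. The function name `stage_dummy_pkg`, its arguments, and the Maintainer value are hypothetical; it assumes the real package has been unpacked into a directory and its conffile paths are supplied on stdin.

```shell
#!/bin/sh
# Added example, not from the thread. Function and argument names are hypothetical.
# stage_dummy_pkg NAME VERSION SRCROOT OUTDIR
#   stdin   : the real package's conffile paths (absolute), one per line
#   SRCROOT : directory holding the unpacked real package (e.g. dpkg-deb -x output)
#   OUTDIR  : staging tree to create; build it afterwards with dpkg-deb --build
stage_dummy_pkg() {
    name=$1 version=$2 srcroot=${3%/} outdir=$4
    mkdir -p "$outdir/DEBIAN" || return 1
    : > "$outdir/DEBIAN/conffiles"
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        case $path in
            */../*|*/..) echo "refusing path with '..': $path" >&2; return 1 ;;
            /*) ;;
            *) echo "not an absolute path: $path" >&2; return 1 ;;
        esac
        # Every path listed in DEBIAN/conffiles must also be shipped in the package.
        if [ ! -f "$srcroot$path" ]; then
            echo "conffile missing from real package: $path" >&2
            return 1
        fi
        mkdir -p "$outdir$(dirname "$path")" || return 1
        cp -p "$srcroot$path" "$outdir$path" || return 1
        printf '%s\n' "$path" >> "$outdir/DEBIAN/conffiles"
    done
    # Minimal control file; Maintainer is a placeholder.
    cat > "$outdir/DEBIAN/control" <<EOF
Package: $name
Version: $version
Architecture: all
Maintainer: Local Admin <root@localhost>
Description: dummy stand-in for $name (simulated removal from testing)
 Ships only the conffiles of the real package.
EOF
}
```

Build the staged tree with `dpkg-deb --build OUTDIR` and publish the result in the private repository. The dummy's version has to sort higher than the installed one for it to be offered as an upgrade.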


