Re: Why back-porting patches to stable instead of releasing a new package.
On Wed, Jul 23, 2003 at 09:10:01AM -0400, Matt Zimmerman wrote:
> This is already in the security team FAQ, and in the developers reference in
> section "5.8.5.3 Preparing packages to address security issues", but
> apparently it requires further explanation, because this issue comes up from
> time to time. I will expand the developer's reference more when I get a
> chance. The main points are:
That would be cool.
> - Security advisories and the associated packages should fix security
> vulnerabilities and nothing else. It is irresponsible to "sneak in"
> additional changes or try to use a security vulnerability as an excuse to
> bypass the normal process for updating a package in stable to fix other
> bugs.
>
> - If your package is so buggy in stable that it is useless, you should have
> made an upload to proposed-updates a long time ago. Don't wait for a
> security advisory and try to use that to get random bug fixes in. They
> will not be accepted as part of a security update.
Things are clearer now. You're right: I should have done a new package in
time, but you probably ignore that, due to lack of time, I've filed an RFA on
phpgroupware which resulted in many mails and no real effort (apart from a new
version from Tilo Levante a short time ago). In this span of time the package was
subject to many bugfix releases, which I could not care about. Now that I'm
back working on it I have to deal with a security issue. What am I supposed to
do? Build a new version for the proposed-update procedure?
Thanks,
--
Luca - De Whiskey's - De Vitis | Elegant or ugly code as well
aliases: Luca ^De [A-Z][A-Za-z\-]*[iy]'\?s$ | as fine or rude sentences have
Luca, a wannabe ``Good guy''. | something in common: they
local LANG="it_IT@euro" | don't depend on the language.