Re: Why back-porting patches to stable instead of releasing a new package.

To: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: Why back-porting patches to stable instead of releasing a new package.
From: Mark Brown <broonie@sirena.org.uk>
Date: Sat, 16 Aug 2003 12:48:26 +0100
Message-id: <[🔎] 20030816114825.GA821@sirena.org.uk>
Mail-followup-to: Debian Developers <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 20030816044514.GB6887@pimlott.net>
References: <20030715092532.GA8393@achos.com> <20030715125624.GL11400@alcor.net> <20030717151620.GA23268@debian.org> <20030721174232.GL13924@alcor.net> <20030722122252.GC24699@debian.org> <20030722223606.GB15133@alcor.net> <20030723081555.GA32048@debian.org> <20030723131001.GH15582@alcor.net> <[🔎] 20030816044514.GB6887@pimlott.net>

On Sat, Aug 16, 2003 at 12:45:14AM -0400, Andrew Pimlott wrote:
> On Wed, Jul 23, 2003 at 09:10:01AM -0400, Matt Zimmerman wrote:

> > - Security advisories and the associated packages should fix security
> >   vulnerabilities and nothing else.

> Have you perhaps seen

>     http://lwn.net/Articles/44117/

> ?  I think it's a fairly convincing critique of this policy.  I'm
> sure there are many security holes in woody that are fixed in the
> latest stable upstream release.[1]  Debian's policy assures that all

That's talking about something different - it's saying that by keeping
more current with upstream releases we would be able to avoid security
problems which only occur in older versions.  That's another way of
putting the frequently made criticism that we really ought to do stable
releases more often.

It also assumes that security bugs are only fixed and never introduced
by new versions - there have also been times when Debian has been
unaffected by security problems because stable contained a version of
the software predating the code containing the vulnerability.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."

Reply to:

Follow-Ups:
- Re: Why back-porting patches to stable instead of releasing a new package.
  - From: Andrew Pimlott <andrew@pimlott.net>
- Re: Why back-porting patches to stable instead of releasing a new package.
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Re: Why back-porting patches to stable instead of releasing a new package.
  - From: Andrew Pimlott <andrew@pimlott.net>

Prev by Date: Re: happy birthday.. but which timezone?
Next by Date: Bug#205698: ITP: nukeimage -- Mozilla context menu option to remove image from display
Previous by thread: Re: Why back-porting patches to stable instead of releasing a new package.
Next by thread: Re: Why back-porting patches to stable instead of releasing a new package.
Index(es):
- Date
- Thread