Re: about volatile.d.o/n
Henning Makholm [u] wrote on 12/10/2004 15:46:
Scripsit Sven Mueller <email@example.com>
Henning Makholm [u] wrote on 11/10/2004 20:22:
Security fixes should be handled by security.d.o.
Perhaps yes, perhaps no.
Security fixes *to* packages already in volatile is a grey area, yes.
No argument there
I thought I was talking about security fixes to stable packages
going in volatilie instead of security.d.o.
volatile should _not_ be just another security archive.
Security fixes to packages in stable should go to security.d.o as they
Volatile might get updated due to the same security problem, but if so,
then that would most likely be by an upgrade to a fixed upstream version
instead of a backport of that specific security fix. _If_ the new
upstream version is stable and doesn't break compatibility (in a way
contradicted by volatile policy).