Henning Makholm [u] wrote on 12/10/2004 15:46:
Scripsit Sven Mueller <sm@leogic.com>Henning Makholm [u] wrote on 11/10/2004 20:22:[volatile.debian.org]Security fixes should be handled by security.d.o.Perhaps yes, perhaps no.Security fixes *to* packages already in volatile is a grey area, yes.
No argument there
I thought I was talking about security fixes to stable packages going in volatilie instead of security.d.o.
Certainly. volatile should _not_ be just another security archive.Security fixes to packages in stable should go to security.d.o as they used to. Volatile might get updated due to the same security problem, but if so, then that would most likely be by an upgrade to a fixed upstream version instead of a backport of that specific security fix. _If_ the new upstream version is stable and doesn't break compatibility (in a way contradicted by volatile policy).
cu, sven