Re: RFC: allow new upstream into stable when it's the only way to fix security issues.
W. Borgert <firstname.lastname@example.org> wrote:
>> (1) keep vulnerable packages in stable,
>> (2) remove affected packages from distribution,
>> (3) allow new upstream into stable.
> I'ld "vote" for (2), maybe with the goal of creating pressure
> towards upstream to take security more serious.
But how do you push the users to remove the package from their
systems? In reality they will keep the broken version installed and
so you have (1) again :-(
* email@example.com * http://www.spinnaker.de/ *