Re: RFC: allow new upstream into stable when it's the only way to fix security issues.

To: debian-devel@lists.debian.org
Subject: Re: RFC: allow new upstream into stable when it's the only way to fix security issues.
From: Roland Rosenfeld <roland@spinnaker.de>
Date: Sun, 31 Jul 2005 22:07:10 +0000 (UTC)
Message-id: <[🔎] dcji2e$7de$1@luv.sail.spinnaker.de>
References: <[🔎] 200507312310.11473@sercond.localdomain> <[🔎] 200507312310.11473@sercond.localdomain> <[🔎] 20050731205045.GA4855@k6.in-berlin.de>

W. Borgert <debacle@debian.org> wrote:

>> (1) keep vulnerable packages in stable,
>> (2) remove affected packages from distribution,
>> (3) allow new upstream into stable.

> I'ld "vote" for (2), maybe with the goal of creating pressure
> towards upstream to take security more serious.

But how do you push the users to remove the package from their
systems?  In reality they will keep the broken version installed and
so you have (1) again :-(

Tschoeeee

        Roland

-- 
 * roland@spinnaker.de * http://www.spinnaker.de/ *

Reply to:

References:
- RFC: allow new upstream into stable when it's the only way to fix security issues.
  - From: "Nikita V. Youshchenko" <yoush@cs.msu.su>
- Re: RFC: allow new upstream into stable when it's the only way to fix security issues.
  - From: "W. Borgert" <debacle@debian.org>

Prev by Date: Re: ignoring upstream's version number?
Next by Date: Bug#320716: ITP: lablgtksourceview -- OCaml bindings for GtkSourceView
Previous by thread: Re: RFC: allow new upstream into stable when it's the only way to fix security issues.
Next by thread: Re: RFC: allow new upstream into stable when it's the only way to fix security issues.
Index(es):
- Date
- Thread