[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: allow new upstream into stable when it's the only way to fix security issues.



On Sun, Jul 31, 2005 at 11:10:04PM +0400, Nikita V. Youshchenko wrote:
> (1) keep vulnerable packages in stable,
> (2) remove affected packages from distribution,
> (3) allow new upstream into stable.
My 1 cent would be a merge of (2) and (3)...  it is more of the
formalization so we woudln't need to think about it on a next occasion
with some other package

(2) - remove from the stable distribution
(3) - create /rolling-updates or whatever better name would be in a
      fashion like /security-updates.

Drawbacks: 

users who had mozilla installed would need to tune their
/etc/apt/sources.list, although some dummy transitional package
"mozilla" which wipes out vulnerable pieces from stable  can do it for
them (debconf)

Advantages: 
* stable is kept stable - no unstable parts in the main body. It would
  provide clean and sharp boundary between stable and "rolling" packages
  if  more to come for some reason

* conciseness addition of /rolling-updates helps to understand why then
  hack apt-get upgrade goes crazy so often and download staff into
  stable distribution

-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]


Attachment: pgp0jh1jm6KAQ.pgp
Description: PGP signature


Reply to: