Re: RFC: allow new upstream into stable when it's the only way to fix security issues.
On Mon, Aug 01, 2005 at 06:06:27AM -0400, Yaroslav Halchenko wrote:
> On Sun, Jul 31, 2005 at 11:10:04PM +0400, Nikita V. Youshchenko wrote:
> > (1) keep vulnerable packages in stable,
> > (2) remove affected packages from distribution,
> > (3) allow new upstream into stable.
> My 1 cent would be a merge of (2) and (3)... it is more of the
> formalization so we woudln't need to think about it on a next occasion
> with some other package
> (2) - remove from the stable distribution
> (3) - create /rolling-updates or whatever better name would be in a
> fashion like /security-updates.
If there really are people who wouldn't want (3) on their systems (and
enough of them that we should take notice of them), then I think something
along the lines you have suggested is the only reasonable solution.
It's not pretty, but it does give people the choice of what to be paranoid