On Tue, Aug 30, 2005 at 05:43:52AM +1000, Anthony Towns wrote: > I'd kind-of hope it wouldn't be an issue in practice -- security bugs > that're fixed in unstable ought to have the fix for stable uplaoded > within 28 days anyway, shouldn't they? Well, there's the mozilla packages, for one example where this hasn't been the case in practice. I would rather not have security bugs in stable be forgotten about because they passed some threshold where the BTS auto-vanished them. I don't know if it's feasible, but my ideal vision for how the new version tracking would handle bugs in stable would be that if the version in stable is affected, the bug is left open if it's tagged sarge or if it's of RC severity; otherwise the bug is archived normally. I don't even see a reason to special-case "security", most such bugs are going to be of RC severity and the others can be tagged with the per-suite tag just as we've been doing. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. vorlon@debian.org http://www.debian.org/
Attachment:
signature.asc
Description: Digital signature