
Re: New stable version after Sarge



On Tue, Jan 04, 2005 at 07:45:12PM -0500, Roberto Sanchez wrote:
> >I subscribe to debian-security (+ d-s-announce) and get reports whenever
> >there's anything released.
> >I know what is installed on my boxes, so I know if this announcement
> >affects me.
> >
> You are probably in the minority, then.
> 

Yes, probably, but I'm using testing, which isn't supported by the
standard security team.
Therefore, it's now my sole responsibility to look at security changes.

> >Recently, I did have a box rooted. This was due to a user running phpbb
> >on the system, without me knowing, despite the policy of no software
> >without clearance from me.
> >
> That really sucks.
> 

Yup. It's annoying to have to travel down to London because of it. The
user was suitably 'chastised' :)

> The only thing you did not address is when there is a security fix for which
> there is not an announcement.  If a package is not already in Woody,
> then it is not receiving security team support and will go under the
> radar.  Additionally, some maintainers work closely with upstream and
> fix the problems almost immediately.  In both of those cases, you would
> need to be monitoring the changelog for each of your packages and
> watching for security-related changes to packages.
> 

These normally crop up in either:
* security list and/or
* various irc channels

However, it's not something that I would expect a normal user to do. But
I wouldn't be expecting a normal user to be using testing for a
production system.

> That makes me wonder.  I know that there are tools like cron-apt that
> will perform apt-related tasks through cron jobs.  Is there a way to
> make it (or another tool) download the changelogs and email you any new
> ones?
> 

Would be worth writing, but IMO a list with various people looking at
different changelogs is just as reliable. Like various lists already out
there :)

Warm regards,
Neil
-- 
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3
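
The changelog monitoring discussed in this message, as an added example that is not part of the original thread: Python that parses Debian changelog text and flags entries newer than the last version you reviewed that look security-related. The keyword heuristics, function names and sample changelog (including the placeholder CAN id) are constructed assumptions.

```python
import re

# Entry header in a Debian changelog: "pkg (version) dist; urgency=level"
HEADER = re.compile(
    r"^(?P<pkg>[a-z0-9][a-z0-9+.-]*) \((?P<ver>[^)]+)\) [^;]+; urgency=(?P<urg>\w+)")
# Heuristic markers of a security fix (assumed list, tune for your packages).
SECURITY = re.compile(
    r"\b(CVE-\d{4}-\d+|CAN-\d{4}-\d+|DSA[- ]\d+|security|vulnerab\w*|overflow)", re.I)
URGENT = ("high", "emergency", "critical")

# Constructed sample input; package name and CAN id are placeholders.
SAMPLE = """\
examplepkg (1.2-3) unstable; urgency=high

  * Fix buffer overflow in request parser (CAN-0000-0000).

 -- Example Maintainer <maint@example.org>  Mon, 03 Jan 2005 10:00:00 +0000

examplepkg (1.2-2) unstable; urgency=low

  * Update package description.

 -- Example Maintainer <maint@example.org>  Sat, 01 Jan 2005 10:00:00 +0000

examplepkg (1.2-1) unstable; urgency=low

  * Security: tighten permissions on the state directory.

 -- Example Maintainer <maint@example.org>  Wed, 01 Dec 2004 10:00:00 +0000
"""

def parse_entries(text):
    """Split changelog text into entries (newest first, as in the file)."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"pkg": m["pkg"], "ver": m["ver"],
                            "urgency": m["urg"].lower(), "lines": []})
        elif entries and line.startswith("  "):  # change lines; trailer has 1 space
            entries[-1]["lines"].append(line.strip())
    return entries

def security_entries(text, seen_version=None):
    """Return (pkg, version, reasons) for unreviewed entries that look security-related."""
    hits = []
    for e in parse_entries(text):
        if e["ver"] == seen_version:  # everything from here down was already reviewed
            break
        found = {m.group(1).lower() for l in e["lines"] for m in SECURITY.finditer(l)}
        reasons = sorted(found) + (["urgency=" + e["urgency"]] if e["urgency"] in URGENT else [])
        if reasons:
            hits.append((e["pkg"], e["ver"], reasons))
    return hits
```

On an installed system the input would be the decompressed contents of `/usr/share/doc/<package>/changelog.Debian.gz`; mailing the result from a cron job is left to the caller.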
