
Re: RFC: allow new upstream into stable when it's the only way to fix security issues.



On Mon, Aug 01, 2005 at 06:06:27AM -0400, Yaroslav Halchenko wrote:
> On Sun, Jul 31, 2005 at 11:10:04PM +0400, Nikita V. Youshchenko wrote:
> > (1) keep vulnerable packages in stable,
> > (2) remove affected packages from distribution,
> > (3) allow new upstream into stable.
> My 1 cent would be a merge of (2) and (3)...  it is more of the
> formalization so we wouldn't need to think about it on a next occasion
> with some other package
> 
> (2) - remove from the stable distribution
> (3) - create /rolling-updates or whatever better name would be in a
>       fashion like /security-updates.

If there really are people who wouldn't want (3) on their systems (and
enough of them that we should take notice of them), then I think something
along the lines you have suggested is the only reasonable solution.

It's not pretty, but it does give people the choice of what to be paranoid
about.


Cheers,


Nick


