
Re: actively notifying users of removed packages

Hi Karl,
* Karl Chen <quarl@cs.berkeley.edu> [2008-03-11 13:51]:
> I would like to bring up the issue of removed packages.  I think
> it is problematic that sometimes packages get removed, with no
> automatic transition [a transitional package, or another package
> depending on a replacement package or conflicting with the old
> one], and no active notification to the user.
> My primary concern is security.  I recently discovered many
> packages that have been removed from Debian, that I had still been
> using with no idea that they were removed.  The worst part is,
> some of these packages were removed due to outstanding security
> bugs!  For example, bitchx and dhcp-client.  It's clear to me that
> a silent removal is problematic since the result is existing users
> keep that buggy version forever.
If you are using testing please consider subscribing to
secure-testing-announce[0] to get informed about such package removals.

[0] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce
Kind regards
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
