[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Update policies for security bugs [Was, Re: Dreamhost dumps Debian]

Steve Langasek writes ("Update policies for security bugs [Was, Re: Dreamhost dumps Debian]"):
> I don't think this is incompatible with my contention that updates for
> security bugs should be driven by the security team.  If we think a security
> fix should not be pushed *immediately* to users, then why should we postpone
> it until the next point release, instead of postponing it until they upgrade
> to the next stable release?  Either it's an important security fix and we
> should push it out with a high priority, or it's not important - in which
> case no one should expect me to spend my time on fixing it in a stable
> update.

Perhaps it has an intermediate level of importance.


Reply to: