Re: Bits from the Security Team

To: debian-devel@lists.debian.org
Subject: Re: Bits from the Security Team
From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Date: Tue, 18 Mar 2014 07:49:14 +0100
Message-id: <[🔎] 1395122644@msgid.manchmal.in-ulm.de>
In-reply-to: <[🔎] 7312246.zXeI0qdFfj@gyllingar>
References: <20140305190301.GA2912@pisco.westfalen.local> <[🔎] 69734414.qmXaMjuj1O@gyllingar> <[🔎] 1394480844@msgid.manchmal.in-ulm.de> <[🔎] 7312246.zXeI0qdFfj@gyllingar>

Didier 'OdyX' Raboud wrote...

> I was trying to say that there is no policy currently in place to ensure 
> that skip-upgrades actually work,

Agreed. If LTS is going to be a permanent thing, this has to
change. For any squeeze-lts to jessie upgrades, the ride might become
a bit bumpy although I suspect the number of affected packages is
*that* big. But no doubt it's above zero.

Preventing skip-upgrade for a certain package using technical means
doesn't look easy. The only solution available now I can think of is a
"come from" version number check in preinst. That's ugly.

So again, let's see squeeze-LTS as an experiment. But time is running
up if any finding should result in updates policy etc. before the
jessie freeze.

> and at least one maintainer has 
> already started to cleanup pre-wheezy stuff from his packages [0]. 
> [0] I'd be surprised to be the only one, who knows.

Just in this thread, I've counted two :)

    Christoph

Reply to:

Follow-Ups:
- Re: Bits from the Security Team
  - From: Russ Allbery <rra@debian.org>

References:
- Re: Bits from the Security Team
  - From: "Didier 'OdyX' Raboud" <odyx@debian.org>
- Re: Bits from the Security Team
  - From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
- Re: Bits from the Security Team
  - From: "Didier 'OdyX' Raboud" <odyx@debian.org>

Prev by Date: Re: jquery debate with upstream
Next by Date: Re: Bits from the Security Team
Previous by thread: Re: Bits from the Security Team
Next by thread: Re: Bits from the Security Team
Index(es):
- Date
- Thread