On Wed, 2014-10-29 at 21:58 -0700, Russ Allbery wrote: > Also, this means that you completely miss security advisories that *don't* > involve changing a package in the archive, like "this thing is a disaster, > so we're pulling it from the archive entirely and suggest you stop using > it." If it is so that much of a disaster that it warrants pulling a package from stable, surely a little more notification than an email to a list most people don't monitor would be warranted? Something like replacing it with an package that sends email daily to root explaining the situation would be the very least you could do. But then the bash function bug made my local TV news, and bash remains in the archive. If it warranted pulling a package from stable I'd wager you would have to be living under a rock not to hear about it.
Attachment:
signature.asc
Description: This is a digitally signed message part