[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files

On Wed, 2014-10-29 at 21:58 -0700, Russ Allbery wrote:
> Also, this means that you completely miss security advisories that *don't*
> involve changing a package in the archive, like "this thing is a disaster,
> so we're pulling it from the archive entirely and suggest you stop using
> it."

If it is so that much of a disaster that it warrants pulling a package
from stable, surely a little more notification than an email to a list
most people don't monitor would be warranted?  Something like replacing
it with an package that sends email daily to root explaining the
situation would be the very least you could do.

But then the bash function bug made my local TV news, and bash remains
in the archive.  If it warranted pulling a package from stable I'd wager
you would have to be living under a rock not to hear about it.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: