Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files

On Thu, Oct 30, 2014 at 1:12 AM, Russell Stuart wrote:
> On Wed, 2014-10-29 at 21:58 -0700, Russ Allbery wrote:
>> Also, this means that you completely miss security advisories that *don't*
>> involve changing a package in the archive, like "this thing is a disaster,
>> so we're pulling it from the archive entirely and suggest you stop using
>> it."
> If it is that much of a disaster that it warrants pulling a package
> from stable, surely a little more notification than an email to a list
> most people don't monitor would be warranted?  Something like replacing
> it with a package that sends email daily to root explaining the
> situation would be the very least you could do.

Just upgrading a package is not enough.  Often enough services need
to be restarted, and that information can be stated in the DSA.

There are also end-of-life announcements, which maybe the
debian-security-support package now addresses in a somewhat automated

Anyway, it is entirely understandable that reading can be hard, but at
a minimum the truly security-conscious need to be able to do so.

