❦ 21 février 2018 07:07 +0100, Alexander Wirt <firstname.lastname@example.org> : > No, backports doesn't have official security support in the meaning that > the team is tracking and looking after security issues in backports. > Nevertheless every backporter has to care about security, we do expect that > uploaders care about their packages - this does of course include security > support. The net result for our users is that backports should not be expected to be up-to-date with security. It took me approximately one minute to go through latest DSA to find an example: Exim in backports is 4.89-2+deb9u1~bpo8+1. 4.89-2+deb9u2 has been uploaded in December. 4.89-2+deb9u3 has been uploaded in February. I think backports are a great asset for Debian and a clear advantage over other stable distributions. But we shouldn't lie to our users by telling it is security supported (and, as a matter of fact, we don't). I am sorry if it sounds like criticism, it shouldn't. I am only trying to show we already have a non-security-supported archive in Debian (or best-effort-security-supported archive if it sounds better). -- Hain't we got all the fools in town on our side? And hain't that a big enough majority in any town? -- Mark Twain, "Huckleberry Finn"
Description: PGP signature