On Wed, 21 Feb 2018, Vincent Bernat wrote:

> ❦ 21 February 2018 07:07 +0100, Alexander Wirt <formorer@debian.org>:
>
> > No, backports doesn't have official security support in the meaning that
> > the team is tracking and looking after security issues in backports.
> > Nevertheless every backporter has to care about security, we do expect that
> > uploaders care about their packages - this does of course include security
> > support.
>
> The net result for our users is that backports should not be expected to
> be up-to-date with security. It took me approximately one minute to go
> through latest DSA to find an example: Exim in backports is
> 4.89-2+deb9u1~bpo8+1. 4.89-2+deb9u2 has been uploaded in
> December. 4.89-2+deb9u3 has been uploaded in February.

Yes, you are completely right. The maintainer's responsibility was to upload
this package which he didn't. I just wanted to make the parameters of the
"best effort approach" clear.

Alex