Re: linux-2.6_2.6.15-6_i386.changes ACCEPTED
On Fri, Feb 10, 2006 at 08:59:49PM +0100, Frans Pop wrote:
> Allow me to wonder a bit about the way the last two kernel uploads were
> handled.
>
> - 2.6.15-5 was pushed because it solved a remote security issue
> (CVE-2006-0454), however it was uploaded with urgency LOW
> - next day, 2.6.15-6 that has a new upstream release is uploaded
>
> Wouldn't it have made more sense to upload 2.6.15-5 with urgency HIGH and
> wait for that to reach testing before uploading a new upstream release?
Well, and let one vulnerable remote security update open for a day more, this
is not acceptable. Even if only one user gets compromised because of this,
then it is enough to warrant the upload.
And i mean, apart from d-i .udebs builds (but i was told not to rant about
this :), it really is not all that much of a bother to do even daily uploads
if they are needed.
Also, there will be a 2.6.15-7 soon :)
Friendly,
Sven Luther
Reply to: