Re: linux-2.6_2.6.15-6_i386.changes ACCEPTED

To: Frans Pop <aragorn@tiscali.nl>
Cc: debian-kernel@lists.debian.org
Subject: Re: linux-2.6_2.6.15-6_i386.changes ACCEPTED
From: Sven Luther <sven.luther@wanadoo.fr>
Date: Fri, 10 Feb 2006 21:26:01 +0100
Message-id: <[🔎] 20060210202601.GA8807@localhost.localdomain>
In-reply-to: <[🔎] 200602102059.50200.aragorn@tiscali.nl>
References: <[🔎] E1F7cNW-0000ro-7h@spohr.debian.org> <[🔎] 200602102059.50200.aragorn@tiscali.nl>

On Fri, Feb 10, 2006 at 08:59:49PM +0100, Frans Pop wrote:
> Allow me to wonder a bit about the way the last two kernel uploads were 
> handled.
> 
> - 2.6.15-5 was pushed because it solved a remote security issue
>   (CVE-2006-0454), however it was uploaded with urgency LOW
> - next day, 2.6.15-6 that has a new upstream release is uploaded
> 
> Wouldn't it have made more sense to upload 2.6.15-5 with urgency HIGH and 
> wait for that to reach testing before uploading a new upstream release?

Well, and let one vulnerable remote security update open for a day more, this
is not acceptable. Even if only one user gets compromised because of this,
then it is enough to warrant the upload.

And i mean, apart from d-i .udebs builds (but i was told not to rant about
this :), it really is not all that much of a bother to do even daily uploads
if they are needed.

Also, there will be a 2.6.15-7 soon :)

Friendly,

Sven Luther

Reply to:

Follow-Ups:
- Re: linux-2.6_2.6.15-6_i386.changes ACCEPTED
  - From: Sven Luther <sven.luther@wanadoo.fr>

References:
- linux-2.6_2.6.15-6_i386.changes ACCEPTED
  - From: Debian Installer <installer@ftp-master.debian.org>
- Re: linux-2.6_2.6.15-6_i386.changes ACCEPTED
  - From: Frans Pop <aragorn@tiscali.nl>

Prev by Date: Re: linux-2.6_2.6.15-6_i386.changes ACCEPTED
Next by Date: Re: linux-2.6_2.6.15-6_i386.changes ACCEPTED
Previous by thread: Re: linux-2.6_2.6.15-6_i386.changes ACCEPTED
Next by thread: Re: linux-2.6_2.6.15-6_i386.changes ACCEPTED
Index(es):
- Date
- Thread