Re: linux-2.6_2.6.15-6_i386.changes ACCEPTED
On Fri, Feb 10, 2006 at 09:26:01PM +0100, Sven Luther wrote:
> On Fri, Feb 10, 2006 at 08:59:49PM +0100, Frans Pop wrote:
> > Allow me to wonder a bit about the way the last two kernel uploads were
> > handled.
> >
> > - 2.6.15-5 was pushed because it solved a remote security issue
> > (CVE-2006-0454), however it was uploaded with urgency LOW
> > - next day, 2.6.15-6 that has a new upstream release is uploaded
> >
> > Wouldn't it have made more sense to upload 2.6.15-5 with urgency HIGH and
> > wait for that to reach testing before uploading a new upstream release?
>
> Well, and let one vulnerable remote security update open for a day more, this
> is not acceptable. Even if only one user gets compromised because of this,
> then it is enough to warrant the upload.
>
> And i mean, apart from d-i .udebs builds (but i was told not to rant about
> this :), it really is not all that much of a bother to do even daily uploads
> if they are needed.
>
> Also, there will be a 2.6.15-7 soon :)
Err, i was going to say that the urgency is anyway not so important, as the
RMs can always hint it in before time if needed.
Friendly,
Sven Luther
Reply to: