hi, what do you (SRM folks) think about releasing debian-security-support updates via (old)stable-updates (once the version in sid is in testing, obviously)? right now buster is up to date via the last point release but the package in buster is not new enough to have the latest status for stretch (which is only in the package in bullseye) i'd be glad to file SRM bugs for each update like its being done for clamav. i just dont think releasing d-s-s updates via point releases makes sense. and often they also dont warrant a security/lts update as they come with DSAs/DLAs and mostly the d-s-s updates are based on DSA/DLAs and thus such DSA/DLAs would just refer to the other ones. I also believe that debian-security-support's current design is like how I like it to be. With that I mean having a frequentlty updated package in the archive to inform about the security status of other packages is better than debian-security-support constantly phoning home to query this status. Which would be a possible re-design if you'd disagree with the proposal to routinely update d-s-s via (old)stable-updates instead via point releases or security updates. I'd also welcome other suggestions. All I want is a working official way to communicate security stati. -- cheers, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature