hi,
what do you (SRM folks) think about releasing debian-security-support updates
via (old)stable-updates (once the version in sid is in testing, obviously)?
right now buster is up to date via the last point release but the package
in buster is not new enough to have the latest status for stretch (which
is only in the package in bullseye)
i'd be glad to file SRM bugs for each update like its being done for clamav.
i just dont think releasing d-s-s updates via point releases makes sense.
and often they also dont warrant a security/lts update as they come with
DSAs/DLAs and mostly the d-s-s updates are based on DSA/DLAs and thus such
DSA/DLAs would just refer to the other ones.
I also believe that debian-security-support's current design is like
how I like it to be. With that I mean having a frequentlty updated package
in the archive to inform about the security status of other packages is
better than debian-security-support constantly phoning home to query
this status. Which would be a possible re-design if you'd disagree with the
proposal to routinely update d-s-s via (old)stable-updates instead via
point releases or security updates.
I'd also welcome other suggestions. All I want is a working official way
to communicate security stati.
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature