Re: Updating fis-gtm package to 6.1
On Tue, 11 Feb 2014, Bhaskar, K.S wrote:
Dominique's suggestion makes sense. There's no issue changing the latest
release and having fis-gtm reflect that, so that someone installing fis-gtm
always gets the latest release. My concern is just to make sure that
installing the latest release when fis-gtm is updated should not delete prior
releases already on the system.
So for testing the user needs to install the versionless package fis-gtm
and such will get updates and informations about problems with the current
versions.
With respect to Thorsten's question about security and grave bugs: So far, we
have been lucky and to date have never had a grave bug that caused us to
withdraw a release.
This is good to hear, but now we need to agree on the meaning of grave :-).
According to https://www.debian.org/Bugs/Developer#severities a grave bug
can cause data loss. So you never had such a bug? Everybody could use the
version from oldstable forever and will just miss some new features?
Anyways, if this would happen, would you (as upstream) provide patches for
older versions?
With respect to security issues, we have had two
security issues in the last so many years (actually, one issue in 2007,
followed by a second because the fix for the first issue was not complete).
As the vulnerability was not in the GT.M core, we were able to distribute a
fix that wrapped & isolated the vulnerable component and could be retrofitted
to existing installations of older releases.
Ok, in such a rare case you will provide the needed patches or workarounds
for all versions in Debian?
Thorsten
Reply to: