Re: Current 2.2r2 status

To: Ben Collins <bcollins@debian.org>
Cc: <debian-release@lists.debian.org>
Subject: Re: Current 2.2r2 status
From: lance <lance@uklinux.net>
Date: Wed, 22 Nov 2000 16:26:54 +0000 ()
Message-id: <[🔎] Pine.LNX.4.30.0011221619280.1774-100000@s1.uklinux.net>
In-reply-to: <[🔎] 20001122110722.R968@visi.net>

On Wed, 22 Nov 2000, Ben Collins wrote:

> > As a CD Vendor I have watched this thread with interest. The day that you
> > release 2.2R2 there could be a major security hole announced that needs
> > fixing. There could be another one the day I get the Cd's back from the
> > replicator !!
>
> But there are security issues we know about *now*. I'm not assuming things
> will happen, they already have, and the known issues need to be included.

Yes - but you have to cut off sometime, because while you are fixing and
incorporating the fix for the known issue another issue will arise that
you could hold the release for, and I see security issues and updates
happening daily on all distributions !

I cant phone my replicator and say - hold those Debian Cd's, there's just
been a major security hole found in xxx package.

Once you say 'that is the release' then you cant afford to upset people
by having another release in a couple of weeks or by saying 'dont use that
release', but you have to issue the fixes as updates to that release.

Regards
Lance

Reply to:

References:
- Re: Current 2.2r2 status
  - From: Ben Collins <bcollins@debian.org>

Prev by Date: [andreas@conectiva.com.br: Re: typo in modutils-2.3.20]
Next by Date: Re: Current 2.2r2 status
Previous by thread: Re: Current 2.2r2 status
Next by thread: Re: Current 2.2r2 status
Index(es):
- Date
- Thread