Hi, On Freitag, 26. September 2014, Raphael Hertzog wrote: > The annoying part is that the mapping of "release => file to use" changes > over time. There's a one year period where oldstable is the realm of the > security team and only afterwards it gets into dla-needed.txt. > > I wish we could use a unified process. After all dsa-needed.txt already > accepts "package/stable" and "package/oldstable" for the period where the > security team takes care of both. Maybe we could just always use that > scheme... in the last month or so I came to realise that "the Debian security team doesnt support LTS as a team, only by individual members" is not really true / accurate. Or to phrase it differently and more positivly: I thankfully still see many edits to data/CVE/list which refer to squeeze too! Thats awesome! So I think LTS has put a little bit more work on the security teams shoulders. And we should acknowledge / not forget that. (Which I think we do best by working with them, roughly like we have done so far :) cheers, Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.