> > It would be very helpful if there was a pseudo-package that conflicted
> > with packages that have known security problems that have been fixed in a
> > later version. That way one could do a regular 'apt-get install
> > task-unstable-security-updates' and cause the upgrade of all the
> > conflicting packages that are currently installed on your system.
Seems like a great idea to me.
If the BTS had a "security" tag, then this could be done
automatically. A quick look through the debian-devel archives, and I
can't find discussion of this tag. Was there some reason it wasn't
> > Is that possible? Would the security team be willing to maintain such a
> > pseudo-package?
> Not really. Our priority is stable; security fixes make it to unstable
> somewhat haphazardly, especially for more obscure architectures. The
> maintenance cost on something like this is prohibitively high.
> The answer is just to watch one single list - debian-security-announce.
> That's what it's for :)
I'm not sure I understand the reasoning here. If the answer is to
watch the debian-security-announce list, then what prevents someone
watching the list from maintaining the proposed virtual package?