Re: task-unstable-security-updates?

[Daniel Jacobowitz <dan@debian.org>]

On Sun, Nov 19, 2000 at 12:55:00PM -0700, Mike Fisk wrote:
> There doesn't seem to be an automatic way to get all of the unstable
> packages necessary to address reported security problems.  You either
> have to watch the security mailing lists and upgrade individual packages 
> yourself or do a full dist-upgrade every so often.  As often as packages
> get updated in unstable, that can be prohibitibely bandwidth and
> time-consuming.
> 
> It would be very helpful if there was a pseudo-package that conflicted
> with packages that have known security problems that have been fixed in a
> later version.  That way one could do a regular 'apt-get install
> task-unstable-security-updates' and cause the upgrade of all the
> conflicting packages that are currently installed on your system.
> 
> Is that possible?  Would the security team be willing to maintain such a
> pseudo-package?

Not really.  Our priority is stable; security fixes make it to unstable
somewhat haphazardly, especially for more obscure architectures.  The
maintenance cost on something like this is prohibitively high.

The answer is just to watch one single list - debian-security-announce. 
That's what it's for :)

Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan@debian.org         |  |       dmj+@andrew.cmu.edu      |
\--------------------------------/  \--------------------------------/