Re: task-unstable-security-updates?

[Itai Zukerman <zukerman@math-hat.com>]

> > It would be very helpful if there was a pseudo-package that conflicted
> > with packages that have known security problems that have been fixed in a
> > later version.  That way one could do a regular 'apt-get install
> > task-unstable-security-updates' and cause the upgrade of all the
> > conflicting packages that are currently installed on your system.

Seems like a great idea to me.

If the BTS had a "security" tag, then this could be done
automatically.  A quick look through the debian-devel archives, and I
can't find discussion of this tag.  Was there some reason it wasn't
introduced?

> > Is that possible?  Would the security team be willing to maintain such a
> > pseudo-package?
> 
> Not really.  Our priority is stable; security fixes make it to unstable
> somewhat haphazardly, especially for more obscure architectures.  The
> maintenance cost on something like this is prohibitively high.
> 
> The answer is just to watch one single list - debian-security-announce. 
> That's what it's for :)

I'm not sure I understand the reasoning here.  If the answer is to
watch the debian-security-announce list, then what prevents someone
watching the list from maintaining the proposed virtual package?

-itai