Re: gnupg problem

To: debian-security@lists.debian.org
Subject: Re: gnupg problem
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Mon, 18 Jun 2001 23:29:15 -0300
Message-id: <[🔎] 20010618232914.I6344@llama.nslug.ns.ca>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 87ae35i8az.fsf@becket.becket.net>
References: <[🔎] 20010618095932.B11954@cistron.nl> <[🔎] 87wv6a2oyk.fsf@becket.becket.net> <[🔎] 20010618101320.A22970@cistron.nl> <[🔎] 87ae35hdvr.fsf@becket.becket.net> <[🔎] 20010618205227.A17055@atrey.karlin.mff.cuni.cz> <[🔎] 873d8x1u38.fsf@becket.becket.net> <[🔎] 20010618224827.A25523@atrey.karlin.mff.cuni.cz> <[🔎] 87sngxlbmc.fsf@becket.becket.net> <[🔎] 20010618165938.R417@plato.local.lan> <[🔎] 87ae35i8az.fsf@becket.becket.net>

On Mon, Jun 18, 2001 at 06:10:12PM -0700, Thomas Bushnell, BSG wrote:
> Ethan Benson <erbenson@alaska.net> writes:
> 
> > On Mon, Jun 18, 2001 at 02:30:19PM -0700, Thomas Bushnell, BSG wrote:
> > > > you know, what I've ment. Debian *distribution* is main and non-US/main
> > > 
> > > Thene where are the security releases?
> > 
> > security.debian.org
> > 
> > mailcrypt is not in debian, its in contrib.  niether contrib or
> > non-free are part of debian.  
> > 
> > if gnupg broke deps on a another package in main i think you would
> > have a point, but it broke something outside the distribution which is
> > beyond the concerns of the security team, they only need to care about
> > the distribution which is main and non-US/main.  
> 
> I think we have a point here too...  I mean, let's actually do the
> best we can, instead of doing as little as possible.
> 
> In fact, the only reason mailcrypt is in contrib is that it adapts to
> the patent-restricted versions of gpg/pgp software.  As far as its use
> with gpg, it belongs in main.

 If mailcrypt can be installed and do useful stuff without any
packages from non-free installed, then it should itself be in main,
shouldn't it?

 What would happen in a similar situation where all packages involved
were already in main?  Someone else pointed out that we should think
about the general case of this problem, and have a way to deal with
it.  The fact that mailcrypt is currently in contrib lets us sort of
wriggle out of the problem, in this specific instance of the problem.
Does proposed-updates get merged when new sub-releases (e.g. r3) are
made?  If so, then putting packages there does it.  If not, then the
updated packages that the new security-fix package depends on must
become part of potato somehow.

 IMHO, security fixes should still go into security.d.o ASAP, without
waiting for packages that depend on them to be updated, but those
packages _do_ need to be updated.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to:

Follow-Ups:
- Re: gnupg problem
  - From: Petr Cech <cech@atrey.karlin.mff.cuni.cz>
- Re: gnupg problem
  - From: Ethan Benson <erbenson@alaska.net>
- Re: gnupg problem
  - From: Brett Parker <b.parker@uea.ac.uk>

References:
- Re: gnupg problem
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: gnupg problem
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: gnupg problem
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: gnupg problem
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: gnupg problem
  - From: Petr Cech <cech@atrey.karlin.mff.cuni.cz>
- Re: gnupg problem
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: gnupg problem
  - From: Petr Cech <cech@atrey.karlin.mff.cuni.cz>
- Re: gnupg problem
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: gnupg problem
  - From: Ethan Benson <erbenson@alaska.net>
- Re: gnupg problem
  - From: tb@becket.net (Thomas Bushnell, BSG)

Prev by Date: Re: gnupg problem
Next by Date: Re: rlinetd security
Previous by thread: Re: gnupg problem
Next by thread: Re: gnupg problem
Index(es):
- Date
- Thread