Re: Proposal for new Security subsection for non-US

To: debian-security@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: Proposal for new Security subsection for non-US
From: matthew@sackman.co.uk (Matthew Sackman)
Date: Sun, 23 Jun 2002 22:21:17 +0100
Message-id: <[🔎] 20020623212115.GD5143@sackman.co.uk>
Mail-followup-to: debian-security@lists.debian.org, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20020623205120.GB3184@zionlth.org>
References: <[🔎] 1024718148.32749.293.camel@zion> <[🔎] 20020622052111.GB28709@dodds.net> <[🔎] 20020623004627.A975@sz.techno-link.com> <[🔎] 20020623162556.GC24597@llama.nslug.ns.ca> <[🔎] 20020623164859.GE20433@dodds.net> <[🔎] 20020623234416.B12984@sz.techno-link.com> <[🔎] 20020623205120.GB3184@zionlth.org>

On Sun, Jun 23, 2002 at 04:51:20PM -0400, Phillip Hofmeister wrote:
> > Well, still binary patching could be implemented (although, in a rather
> > osbscure way) using pre-install scripts which would patch the definition
> > files. However, this would require two packages providing the same
> > version of the definition files (a patch package and a complete
> > new-version package) and a whole lot of patch packages dangling around.
> > So I guess I am writing nonsense.
> 
> Umm...silly thought...couldn't we have two packages.  The binary then a lib 
> (which the binary depends on) that would contain the defs, then just update
> the libs?

I think the problem is that as others have said, no package which is 10
minutes old should go into testing. Therefore packages in stable are
going to have to depend on packages in unstable. This can only happen
happily with pinning. Therefore I can't see any further problems.

Example:
snort exists in stable. Depends on package snort-definitions which *does
not* exist in stable but only exists in unstable. Pinning thus allows
the user to track stable as per normal, but for snort-definitions, it
tracks unstable.

If I've missed something obvious, please shout at me ;-)

So now we need a list of packages that are going to need individual
definition packages and to get going. I guess we really should have
another package (security-updater?) that updates sources.list with the
necessary information.

Matthew

-- 

Matthew Sackman
Nottingham
England

BOFH Excuse Board:
not properly grounded, please bury computer

-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Proposal for new Security subsection for non-US
  - From: Anthony DeRobertis <asd@suespammers.org>

References:
- Proposal for new Security subsection for non-US
  - From: Matthew Grant <grantma@anathoth.gen.nz>
- Re: Proposal for new Security subsection for non-US
  - From: Steve Langasek <vorlon@netexpress.net>
- Re: Proposal for new Security subsection for non-US
  - From: Pavel Minev Penev <kal_pav@sz.techno-link.com>
- Re: Proposal for new Security subsection for non-US
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: Proposal for new Security subsection for non-US
  - From: Steve Langasek <vorlon@netexpress.net>
- Re: Proposal for new Security subsection for non-US
  - From: Pavel Minev Penev <kal_pav@sz.techno-link.com>
- Re: Proposal for new Security subsection for non-US
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

Prev by Date: Re: Proposal for new Security subsection for non-US
Next by Date: Re: [d-security] Re: Apache chunk handling vulnerability and Apache 1.3.24-3
Previous by thread: Re: Proposal for new Security subsection for non-US
Next by thread: Re: Proposal for new Security subsection for non-US
Index(es):
- Date
- Thread