Re: Security updates without DSA?

Martin Schulze <joey@infodrom.org> writes:

> Olaf Meeuwissen wrote:
> > Olaf Meeuwissen <olaf@epkowa.co.jp> (that's me!) writes:
> > 
> > > Dear .debs,
> > > 
> > > I recently wanted to apply security updates to a machine I'd installed
> > > from woody pre6 CDs, hardened and upgraded to woody proper.  [...]
> > > 
> > > Before applying the upgrades I checked whether there was a DSA for the
> > > packages that were going to be upgraded.  Surprise, there were several
> > > that did not (seem to) have a corresponding DSA.
> > > 
> > > Question: Is that normal and OK?
> Yes.  During the deep freeze of woody the security infrastructure was
> implemented.  Security updates were added to woody before it was released
> without issuing a DSA for each and every package.

As mentioned in another mail to the debian-security list, this is true
for the fetchmail-ssl package, but *not* for the kdenetwork packages.
The security upgrades are not the packages that were in woody when it
got released.

Olaf Meeuwissen                            EPSON KOWA Corporation, ECS
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2               -- I hack, therefore I am --                 BOFH
