On Wed, Nov 13, 2002 at 03:22:20PM -0500, Raymond Wood wrote: > On Thu, Nov 14, 2002 at 02:23:30AM +0700, Jean Christophe ANDR? remarked: > > > Raymond Wood ?crivait : > > > Respectfully, does anyone know when Sid will receive patches > > > for the previous Apache vulnerabilities that were fixed for > > > Potato and Woody, but not Sid? It's been days... Raymond > > Because Sid's aim is to allow you to test bugs... and enjoy > > viruses! <g> ;-) > > That was not my question - read again if you must. Your question is when it was to receive updates. His answer is that it is not supported. If you want a secure system, use 'stable'. That's policy. If you don't like it, DO something about it. Also, please maintain a civil tone on this list. > I am fully aware of the Security team's 'official policy' > regarding Sid and security updates. I also think I, and > probably others, are getting weary of these same old tired > responses that quote policy, but do very little to help. Then DO something about it. If you want Sid to be updated for all of the vulnerabilities found, volunteer to help the security team, or maybe download the source package from the security.debian.org server and build it. > The relevant DSA in question itself stated something to the > effect 'a fix for Sid will appear soon'. At this point I am > wondering how soon or how late: I mean are we talking about > days or weeks at this point? It makes no sense to leave Sid > vulnerable for any longer than necessary, for the fact is there > *are* desktop user's who do use Sid, because it is cutting edge. > Are these people just to wait like sitting ducks until their > systems are compromised? This would make no sense to me. Then they should realize that using Sid has NO guarantee for security. Sid is for finding problems with packages interacting, finding grave bugs, and making sure software is ready for testing. The only branch that has any guarantee of security is stable. This is by no means unique to Debian. I don't know many people who run production FreeBSD machines (be they desktop or servers) with ANY expectation of security with the FreeBSD-CURRENT branch. -- ------------------------------------------ Edward Guldemond GPG Key: 0x4E505B0F Key fingerprint: 4CAC 6740 C1CD 3CE4 6CA0 34E9 B3B7 18EC 4E50 5B0F
Attachment:
pgprIDyHyP1Pn.pgp
Description: PGP signature