
Re: [SECURITY] [DSA 195-1] New Apache-Perl packages fix several vulnerabilities



Quoting Raymond Wood (raywood@magma.ca):

> The question is obviously an unpopular one :)

Well, I think it got old.  Moreover, and more to the point, FAQed.

> Even though Sid is officially not supported by the security team,
> still 99 times out of a hundred, a patch or new version will appear in
> Sid quite promptly (I don't know if these are usually done by the
> security team or not). 

Generally, that does work.  Or you win anyway, because the package was
vulnerable for a while _but_ you didn't happen to have it installed.  

The point, though, is that this is no commitment to try to ensure this,
except on stable.  If you request otherwise (which is what we
substantively just saw), then the standard answer is (pick one or more):

o  Please see the Security Team FAQ.
o  No.
o  Feel free to fix it yourself, so we can all benefit from your 
   enthusiasm.

(This message is partial penance for my having posed a version of the 
question discussed, earlier, asking if the existence of
http://security.debian.org/dists/testing/ means that the Security Team
FAQ's policy has changed.  The answer was "no".)

-- 
Cheers,                     Errors have been made.  Others will be blamed.
Rick Moen
rick@linuxmafia.com


