On Mon, 2003-02-24 at 11:06, Peter Cordes wrote:
> On Mon, Feb 24, 2003 at 10:13:57AM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> > Now, foo 1.4-1 moves to testing with the security problem still unfixed.
> > Damn.
>
> File a bug on foo 1.4-1 so that can't happen until the bug is closed?
> Having stuff which introduces new known security holes move into testing is
> obviously bad under all circumstances, right?
Sure. The problem is: who files the bug? Would probably be the testing
security team. But if the versions in testing and unstable diverge, I'm
not sure if the security team is supposed to file a bug just so, or is
obliged to additionally verify the version in unstable? (Of course, the
divergence between testing and unstable now is somewhat special, so this
case might not happen too frequently).
-- vbi
--
pub 1024D/92082481 2002-02-22 Adrian von Bidder
Key fingerprint = EFE3 96F4 18F5 8D65 8494 28FC 1438 5168 9208 2481
Attachment:
signature.asc
Description: This is a digitally signed message part