Re: Some clarifications about the Debian-security-HOWTO

To: ML Debian Security <debian-security@lists.debian.org>
Subject: Re: Some clarifications about the Debian-security-HOWTO
From: Michael Stone <mstone@debian.org>
Date: Fri, 20 Feb 2004 08:08:08 -0500
Message-id: <[🔎] 20040220130808.GA6636@mathom.us>
Mail-followup-to: ML Debian Security <debian-security@lists.debian.org>
In-reply-to: <[🔎] 1077279282.5681.143.camel@localhost>
References: <[🔎] 1077279282.5681.143.camel@localhost>

On Fri, Feb 20, 2004 at 01:14:43PM +0100, Gian Piero Carrubba wrote:

But this is not always true. Sometimes the DSA reports "For the unstable
distribution (sid) these problems will be fixed soon."

Why this ?


The security team has nothing to do with sid packages. If a fix is ready
when the advisory goes out the security team may add the sid information
as a curtesy, but the lack of a sid package will in no way delay the
advisory.

Are the fixes *always* be applied to sid packages and then backported ?


That never happens, the security HOWTO should rephrase that. I imagine
that the intent is to say that sid may have a new version installed to
fix a problem, but stable will get a backported patch.

Mike Stone

Reply to:

References:
- Some clarifications about the Debian-security-HOWTO
  - From: Gian Piero Carrubba <gpcarrubba@libero.it>

Prev by Date: Re: DSA 438 - bad server time, bad kernel version or information delayed?
Next by Date: Re: DSA 438 - bad server time, bad kernel version or information delayed?
Previous by thread: Some clarifications about the Debian-security-HOWTO
Next by thread: Re: Some clarifications about the Debian-security-HOWTO
Index(es):
- Date
- Thread