Re: Security FAQ

To: debian-security@lists.debian.org, debian-www@lists.debian.org
Subject: Re: Security FAQ
From: Florent Rougon <f.rougon@free.fr>
Date: Sun, 07 Mar 2004 23:41:21 +0100
Message-id: <[🔎] 87znasgu0e.fsf@florent.maison>
Mail-followup-to: debian-security@lists.debian.org, debian-www@lists.debian.org
References: <[🔎] 20040307163017.GA2572@linux.retelocale>

[ I'm not subscribed to debian-www ]

Johan Haggi <scade-giu2004@orsobruno.net> wrote:

> Maybe you want to add this at security faq:
>
> === Question ===
> To use sarge's security updates I write this line in sources.list:
> deb http://security.debian.org/ sarge/updates main contrib non-free
> Why they don't say that it exist??

The 'testing' distribution is not supported by the Debian security team.

> === Answer ===
> Because it is obsolete!!! At 26 Jan 2004
> http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages
> was of 29-May-2003 !!!

You are writing this as if you expected it to be up-to-date. But you
shouldn't even expect it to exist at all.

> security.debian.org sarge/updates exists only because [???]

Because then it will be ready for sarge's release, so that it isn't
delayed by the need to setup the security infrastructure like happened
with woody? Or simply to allow the security team to update packages
there if they want to (possibly before sarge's release, to catch up with
security issues that were fixed in woody)? Or to make it clear that the
main thing that is needed to have security updates for 'testing' is a
bunch of skilled and trusted volonteers?

Of course, these are only guesses, as I am in no way a member of the
security team.

-- 
Florent

Reply to:

References:
- Security FAQ
  - From: Johan Haggi <scade-giu2004@orsobruno.net>

Prev by Date: [no subject]
Next by Date: Re: I have a big problem
Previous by thread: Security FAQ
Next by thread: Re: Security FAQ
Index(es):
- Date
- Thread