
Re: [SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities



On Mon, Jul 26, 2004 at 01:32:24AM +0200, Hilko Bengen wrote:

> I imagine that some work on these checks could be saved if security
> updates generally used a scheme like ${LAST_USED_VERSION}woody${N}.

Have you considered that this might be part of the reason why the security
team uses the version numbers they do, and that you are proposing their own
current working practices as a solution?

Additionally, the package maintainer knows which version numbers have been
used and where, and so if he chooses a different scheme, he very likely
knows what he is doing.

This thread started because you noticed something you hadn't seen before,
but it is not particularly unusual, works well, and there is no reason to
change it.  I've explained the reason why it was not what you expected, and
so there is no more cause for concern, so I do not think there is a need to
discuss this further.

> Is this part of the procedure for security updates documented
> anywhere? I didn't find it in the Debian Policy.

I can't count the number of times I've posted this link here; I should have
a mutt hotkey for it.

http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security

-- 
 - mdz


