On Thu, Dec 23, 2004 at 10:26:34PM +0100, Christian Storch wrote: > On Do, 23.12.2004, 21:16, Florian Weimer wrote: > > * Jan Minar: > > > >> On Thu, Dec 23, 2004 at 05:16:39PM +0100, Florian Weimer wrote: > >>> My current idea is to borrow an idea from Microsoft: Create a Patch > >>> Validation Program. Under this program, you get access to security > >>> fixes before the official release, and you can test if your > >>> applications break. Of course, Microsoft requires NDAs because they > >>> actually give you binaries a week or so before the regular patch day. > >>> Debian wouldn't be able to do this, so patch validation could begin > >>> only after the issue has been disclosed. We could use a separate > >>> public archive, and after some soaking period, the new packages could > >>> be officially released on security.debian.org. > >> > >> I think You are reinventing apt-listbugs ;-) > > > > apt-listbugs only helps if someone else has already burned his > > fingers, *and* has filed a bug report with the proper severity and > > tags. You can tell it to install only packages that have been in the archive no less than some arbitrary period of time (or maybe not and it could be written; I don't use apt-bug). > > IOW, the soaking period is required. > > And what is Debian 'unstable' now? Security updates don't go thru unstable. There are lots of revised updates. Cheers, -- )^o-o^| jabber: rdancer@NJS.NetLab.Cz | .v K e-mail: jjminar FastMail FM ` - .' phone: +44(0)7981 738 696 \ __/Jan icq: 345 355 493 __|o|__Minář irc: rdancer@IRC.FreeNode.Net
Attachment:
pgpQ8u3RazqJw.pgp
Description: PGP signature