Re: using sarge on production machines
Hi!
On Saturday 19 February 2005 02:40, kurt kuene wrote:
> so there WAS really a security team at that time. I eventually have
> thought that I had only dreamed or misunderstood something. but
> this is not debian-like. I have thought that if they run security
> updates they will not just stop them again.
No. There was never working security support for sarge. The
testing-security-team checks which known security issues are still
unfixed in sarge but there was never any infrastructure to ensure
that fixes went in quickly. There are still quite a few unfixed
issues [1].
> Do packages with important security problems (for example: remote
> execution of arbitrary code) change faster from unstable to
> testing? I think this is so but I am not sure...
Updates that fix security issues usually have urgency=high and change
faster to testing. However, you cannot trust this since new release
critical bugs might still keep the new package from entering testing.
Cheers,
Stefan
[1] http://merkel.debian.org/~joeyh/testing-security.html
Reply to: