Re: using sarge on production machines

[Stefan Fritsch <sfritsch@ph.tum.de>]

Hi!

On Saturday 19 February 2005 02:40, kurt kuene wrote:
> so there WAS really a security team at that time. I eventually have
> thought that I had only dreamed or misunderstood something. but
> this is not debian-like. I have thought that if they run security
> updates they will not just stop them again.

No. There was never working security support for sarge. The 
testing-security-team checks which known security issues are still 
unfixed in sarge but there was never any infrastructure to ensure 
that fixes went in quickly. There are still quite a few unfixed 
issues [1].

> Do packages with important security problems (for example: remote
> execution of arbitrary code) change faster from unstable to
> testing? I think this is so but I am not sure...

Updates that fix security issues usually have urgency=high and change 
faster to testing. However, you cannot trust this since new release 
critical bugs might still keep the new package from entering testing.

Cheers,
Stefan

[1] http://merkel.debian.org/~joeyh/testing-security.html