Re: using sarge on production machines

To: debian-security@lists.debian.org
Subject: Re: using sarge on production machines
From: Joey Hess <joeyh@debian.org>
Date: Thu, 24 Feb 2005 22:41:20 -0500
Message-id: <[🔎] 20050225034120.GA19364@kitenet.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 200502202357.25004.sfritsch@ph.tum.de>
References: <[🔎] 87acq1k2f0.fsf@deneb.enyo.de> <[🔎] Pine.LNX.4.44.0502181539370.10106-100000@agni.phys.iit.edu> <[🔎] 20050219024056.7c5a979d@macia> <[🔎] 200502202357.25004.sfritsch@ph.tum.de>

Stefan Fritsch wrote:
> Updates that fix security issues usually have urgency=high and change 
> faster to testing. However, you cannot trust this since new release 
> critical bugs might still keep the new package from entering testing.

New release critical bugs need not keep a security update from testing,
unless the new release with the security update itself introduced more
release critical bugs than it solved. If unrelated RC bugs are filed,
the release team has the power to force a security fix into testing
anyway.

Dependency issues blocking a security update from reaching testing
remains the main blocker for security updates reaching testing and
probably will continue to do so until the autobuilders fully support
testing.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: using sarge on production machines
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: using sarge on production machines
  - From: David Ehle <ehle@agni.phys.iit.edu>
- Re: using sarge on production machines
  - From: kurt kuene <kurtkuene@gmx.net>
- Re: using sarge on production machines
  - From: Stefan Fritsch <sfritsch@ph.tum.de>

Prev by Date: Re: unsubscribe - and one reason why it's failing
Next by Date: 2.6 kernel vulnerabilities
Previous by thread: Re: using sarge on production machines
Next by thread: Re: using sarge on production machines
Index(es):
- Date
- Thread