[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Misunderstanding about normal (stable) and security channels

On Mon, 2008-07-28 at 10:43 +0200, Frédéric PICA wrote:
> Greetings,
> As I have understood on
> http://www.debian.org/security/faq.en.html#policy , every security
> bugfix packages goes into the debian-security channel but recently I
> saw an update to the proftpd package (on etch) in the debian/stable
> channel.
> I thought it was a bugfix but when I looked into the changelog
> http://packages.debian.org/changelogs/pool/main/g/glibc/glibc_2.3.6.ds1-13etch7/changelog
> I saw that this is not a bugfix but a security bugfix, closing
> CVE-2007-2165.
> Why does this package was uploaded to the normal etch channel and not
> into the security one ? Every security package concerns must go into
> the security channel, no ?

I suspect because of Etch's latest update (4.0r4).

> I rely on the package channel to know if this is a normal or a
> security bugfix in a plugin I'm currently developping (and soon
> releasing on sourceforce) for apt.
> Best regards,
> Frédéric PICA
Karl Goetz,
Debian user / Ubuntu contributor / gNewSense contributor

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: