Re: Misunderstanding about normal (stable) and security channels
On Mon, Jul 28, 2008 at 03:20:56PM +0200, Frédéric PICA wrote:
> In the tool I'm developing, I rely on the package channel to know if
> a package was installed because of a security concern or not (never
> mind if this is a minor one or not)
> and now I can't be sure of the update type.
> Is there a more or less simple way to know a package type (security,
> bugfix, ...)?

You're overestimating the degree of difference between a "security" fix
and "just a bugfix". In other words, you're never going to get what you
want because there will always be bugs where people argue about whether
it warrants a security label--reference a recent discussion on
linux-kernel about this very issue. Time would better be spent testing
stable updates for installation rather than trying to classify them; at
some point it doesn't really matter whether your machine crashed due to
an obscure bug labeled "DOS" or an obscure bug labeled "hard to