[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Misunderstanding about normal (stable) and security channels

On Mon, Jul 28, 2008 at 03:20:56PM +0200, Frédéric PICA wrote:
In the tool I'm developping, I rely on the package channel to know if
a package was installed because of a security concern or not (never
mind if this is a minor one or not)
and now I can't be sure of the update type.

Is there a more or less simple way to know a package type (security,
bugfix, ...) ?

You're overestimating the degree of difference between a "security" fix and "just a bugfix". In other words, you're never going to get what you want because there will always be bugs where people argue about whether it warrants a security label--reference a recent discussion on linux-kernel about this very issue. Time would better be spent testing stable updates for installation rather than trying to classify them; at some point it doesn't really matter whether your machine crashed due to an obscure bug labeled "DOS" or an obscure bug labeled "hard to reproduce CRASH".

Mike Stone

Reply to: