On Mon, 2008-07-28 at 10:43 +0200, Frédéric PICA wrote: > Greetings, > > As I have understood on > http://www.debian.org/security/faq.en.html#policy , every security > bugfix packages goes into the debian-security channel but recently I > saw an update to the proftpd package (on etch) in the debian/stable > channel. > I thought it was a bugfix but when I looked into the changelog > http://packages.debian.org/changelogs/pool/main/g/glibc/glibc_2.3.6.ds1-13etch7/changelog > I saw that this is not a bugfix but a security bugfix, closing > CVE-2007-2165. > > Why does this package was uploaded to the normal etch channel and not > into the security one ? Every security package concerns must go into > the security channel, no ? I suspect because of Etch's latest update (4.0r4). http://www.debian.org/News/2008/20080726 kk > > I rely on the package channel to know if this is a normal or a > security bugfix in a plugin I'm currently developping (and soon > releasing on sourceforce) for apt. > > Best regards, > Frédéric PICA -- Karl Goetz, Debian user / Ubuntu contributor / gNewSense contributor http://www.kgoetz.id.au
Attachment:
signature.asc
Description: This is a digitally signed message part