[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2322-1] bugzilla security update

On Mon, Oct 10, 2011 at 06:12:14PM +0200, Jonathan Wiltshire wrote:
> For the oldstable distribution (lenny), it has not been practical to
> backport patches to fix these bugs. Users of bugzilla on lenny are 
> strongly advised to upgrade to the version in the squeeze distribution.

When I try this upgrade apt also wants to upgrade tons of other 
packages including perl and libc6 - at which point I'll now do a
hasty complete upgrade to squeeze instead.

If you cannot provide fixes for server software exposed directly in the 
internet on oldstable anymore, perhaps it makes sense that you shorten 
the length of security support for a Debian release?

Knowing early when a server will have to be upgraded would be
much better than the status quo, where one thinks there still
was time - until some DSA suddenly forces an immediate upgrade.

Thanks in advance


       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply to: