Re: [SECURITY] [DSA 2322-1] bugzilla security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2322-1] bugzilla security update
From: Adrian Bunk <bunk@stusta.de>
Date: Mon, 10 Oct 2011 20:09:38 +0300
Message-id: <20111010170938.GA31662@localhost.pp.htv.fi>
In-reply-to: <20111010161214.GA4881@pisco.westfalen.local>
References: <20111010161214.GA4881@pisco.westfalen.local>

On Mon, Oct 10, 2011 at 06:12:14PM +0200, Jonathan Wiltshire wrote:
>...
> For the oldstable distribution (lenny), it has not been practical to
> backport patches to fix these bugs. Users of bugzilla on lenny are 
> strongly advised to upgrade to the version in the squeeze distribution.
>...

When I try this upgrade apt also wants to upgrade tons of other 
packages including perl and libc6 - at which point I'll now do a
hasty complete upgrade to squeeze instead.

If you cannot provide fixes for server software exposed directly in the 
internet on oldstable anymore, perhaps it makes sense that you shorten 
the length of security support for a Debian release?

Knowing early when a server will have to be upgraded would be
much better than the status quo, where one thinks there still
was time - until some DSA suddenly forces an immediate upgrade.

Thanks in advance
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply to:

Prev by Date: Re: [SECURITY] [DSA 2318-1] cyrus-imapd-2.2 security update
Next by Date: Re: [SECURITY] [DSA 2318-1] cyrus-imapd-2.2 security update
Previous by thread: Re: [SECURITY] [DSA 2318-1] cyrus-imapd-2.2 security update
Next by thread: Re: Debian Oval definitions for 2011
Index(es):
- Date
- Thread