Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 2 Nov 2015 20:00:55 +0100
Message-id: <[🔎] slrnn3fcn7.3b1.jmm@inutil.org>
References: <20151101222252.GC5235@pisco.westfalen.local> <[🔎] m37fm172a0.fsf@neo.luffy.cx>

Vincent Bernat <bernat@debian.org> wrote:
> There are many tradeoffs recently with projects that do not want to
> provide a sensible security track for stable releases:
>
>  - always package the latest release (Chromium)

For chromium and iceweasel the vast amount of security issues doesn't leave
much other options.

elasticsearch isn't that category, they simply have chosen to be secretive
from now on and I don't see why we should cater to uncooperative upstreams
with special handling.

Hopefully we'll have PPAs/bikesheds soon, that seems like a proper candidate
for cases like that.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life
  - From: Ansgar Burchardt <ansgar@debian.org>
- Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life
  - From: Vincent Bernat <bernat@debian.org>

References:
- Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life
  - From: Vincent Bernat <bernat@debian.org>

Prev by Date: Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life
Next by Date: Re: [SECURITY] [DSA 3355-2] libvdpau regression update
Previous by thread: Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life
Next by thread: Re: [SECURITY] [DSA 3389-1] elasticsearch end-of-life
Index(es):
- Date
- Thread