Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

To: Yves-Alexis Perez <corsac@debian.org>
Cc: Wolfgang Jeltsch <7o2lccqg@acme.softbase.org>, debian-security@lists.debian.org
Subject: Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)
From: Lupe Christoph <lupe@lupe-christoph.de>
Date: Tue, 2 Feb 2016 18:03:41 +0100
Message-id: <[🔎] 20160202170341.GA12656@lupe-christoph.de>
Mail-followup-to: Yves-Alexis Perez <corsac@debian.org>, Wolfgang Jeltsch <7o2lccqg@acme.softbase.org>, debian-security@lists.debian.org
In-reply-to: <[🔎] 1454429682.6600.12.camel@debian.org>
References: <56a8b515.84c9c20a.31bff.35db@mx.google.com> <[🔎] 1454406003.4107.37.camel@idefix> <[🔎] 20160202095834.GH15036@snarl.nl> <[🔎] 1454427478.8914.8.camel@idefix> <[🔎] 1454429682.6600.12.camel@debian.org>

On Tuesday, 2016-02-02 at 17:14:42 +0100, Yves-Alexis Perez wrote:
> On mar., 2016-02-02 at 17:37 +0200, Wolfgang Jeltsch wrote:
> > Can anyone please clarify? In particular, I would like to know what the
> > exact policies regarding coverage of security support are, and what
> > issues have not been fixed intentionally in oldstable (and maybe even
> > stable).

> Everything is in the tracker.

This is three-fold: the DSA does not mention oldstable at all, the DSA
does not link to the tracker, and the text in the tracker page does not
really justify the decision to leave oldstable unfixed "Too intrusive
to backport". What?!? The link with that text points to a page that does
nothing to explain the decision.

Lupe Christoph
-- 
| As everyone knows, it was predicted that the world would end last       |
| Wednesday at 10:00 PST.  Since there appears to be a world in existence |
| now, the entire universe must therefore have been recreated, complete   |
| with an apparent "history", last *Thursday*.  QED.                      |
| Seanna Watson, <1992Nov2.165142.11847@bcrka451.bnr.ca>                  |

Reply to:

References:
- Re: [SECURITY] [DSA 3455-1] curl security update
  - From: Wolfgang Jeltsch <7o2lccqg@acme.softbase.org>
- Re: [SECURITY] [DSA 3455-1] curl security update
  - From: Freddy Spierenburg <freddy@snarl.nl>
- Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)
  - From: Wolfgang Jeltsch <7o2lccqg@acme.softbase.org>
- Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)
  - From: Yves-Alexis Perez <corsac@debian.org>

Prev by Date: Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)
Next by Date: Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)
Previous by thread: Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)
Next by thread: Re: Security support incomplete?
Index(es):
- Date
- Thread