Re: Security Policy

To: debian-testing@lists.debian.org
Subject: Re: Security Policy
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 1 Oct 2003 12:23:57 +0100
Message-id: <[🔎] 20031001112357.GA16440@riva.ucam.org>
Mail-followup-to: debian-testing@lists.debian.org
In-reply-to: <[🔎] 3F7AACE0.5010601@quipo.it>
References: <[🔎] 3F7AACE0.5010601@quipo.it>

On Wed, Oct 01, 2003 at 12:30:56PM +0200, Furjo wrote:
> I wonder which is the Security Policy of Debian/testing.

  http://www.debian.org/security/faq#testing

If you're running testing on an exposed system then you need to keep a
very close eye on updates in unstable and install them manually where
necessary.

> I feel that the patched packets go through the normal (slow!)
> procedure of being included only after 10 days they are in unstable
> plus all other criteria, and that seems to delay urgent patches!

Security uploads should be urgency high, which is 2 days, not 10.

> For example, I still doesn't see a patched OpenSSH version in testing,
> whereas both stable and unstable have it!

You're out of date; the openssh security patch has been in testing for a
couple of days now. It was delayed by having to wait for updated
versions of glib2.0 (due to ssh-askpass-gnome) and gcc-3.3.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Security Policy
  - From: Furjo <furjo@quipo.it>

Prev by Date: Re: Security Policy
Next by Date: Re: Security Policy
Previous by thread: Re: Security Policy
Next by thread: Re: Security Policy
Index(es):
- Date
- Thread