Re: Security Policy
On Wed, Oct 01, 2003 at 12:30:56PM +0200, Furjo wrote:
> I wonder which is the Security Policy of Debian/testing.
http://www.debian.org/security/faq#testing
If you're running testing on an exposed system then you need to keep a
very close eye on updates in unstable and install them manually where
necessary.
> I feel that the patched packets go through the normal (slow!)
> procedure of being included only after 10 days they are in unstable
> plus all other criteria, and that seems to delay urgent patches!
Security uploads should be urgency high, which is 2 days, not 10.
> For example, I still doesn't see a patched OpenSSH version in testing,
> whereas both stable and unstable have it!
You're out of date; the openssh security patch has been in testing for a
couple of days now. It was delayed by having to wait for updated
versions of glib2.0 (due to ssh-askpass-gnome) and gcc-3.3.
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: