> > > The bug is real, and Debian has a fix. See security > > > lists in Debian. If you are running Debian 2.0 > > > you might have a security hole. There was also security > > > problems with bind. The fixes appear in the current distributions > > > (2.0.2 I think) not in package-updates. > > > > Why the bloody hell not? > > I think that it was moved from package-updates to the main distribution > so that if you downloaded it or purchased a new cdrom, it would > have the updates in it. Seems reasonable. Correct. This is also explained in the README in the proposed-updates directory. The idea is that you run dselect (or apt-get) on stable every couple of weeks to stay up-to-date with fixes for security holes and other major bugs. > > > > Sorry, this makes me angry. Debian does a whole lot on finding these > > holes, then spreading the information they are there, but then every one > > has to read at least debian-user or visit the security page on the web to > > find out. [...] Well, you can also subscribe to debian-security-announce@lists.debian.org Information about every security fix released by Debian is posted there. (To subscribe, send an email to debian-security-announce-request@lists.debian.org with the single word 'subscribe' in the subject of the message. And if you're wondering, an announcement about the security-announce list was sent to debian-announce on its creation.) Thanks, Christian Debian Security
Attachment:
pgpHIZGaDEoZY.pgp
Description: PGP signature