On Fri, Apr 05, 2002 at 09:40:41AM +0200, Hanspeter Roth wrote: > On Apr 04 at 18:08, John Hasler spoke: > > > Andrew writes: > > > Don't security updates also go to unstable? > > > > No. Security updates are almost always done by backporting the fix to the > > version of the package that is in stable. The version in unstable is > > almost always a more recent one. If it is vulnerable it will be fixed when > > the maintainer uploads a new version. > > But what about the testing distribution? Does it also get `implicit' > security fixes by new versions? > Or is it safer to stick with stable? > > -Hanspeter > > AFAIK, testing gets security fixes only when the package has been uploaded to unstable, then met the requirements to be moved into testing (IIRC, (two weeks|10 days) without a RC bug). I think someone also mentioned a while back that security fixes can get fast-tracked into testing within a few days, if it's a serious issue, but I'm not sure if this is standard. Anyhow, woody will be released Real Soon Now(tm), and then the security policy will be the same as it was for potato. -rob -- I did not vote for the Australian government.
Attachment:
pgpJRnB4Pk1wr.pgp
Description: PGP signature