[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: next debian stable ?

On Tue, Apr 29, 2003 at 11:57:16PM -0700, nate wrote:
> Paul Johnson said:
> > Well, of course security updates make it through, or that would sort
> > of defeat the purpose of security.debian.org...
> I think the poster was referring to the "event" last year where
> a vulnerability was about to be announced but no details on it,
> so everyone was "forced" to upgrade to openssh 3.x. potato had
> openssh 1.x. and there was an openssh 3.x release backported to
> potato to accomodate those that needed the upgrade.
> in the end it turns out potato wasn't even affected, the features
> that were vulnerable weren't even available in the older version.

Yep, that's _exactly_ what I was referring to.  Illustrates that while
very uncommon, package updates can happen to stable.  Even though this
was done under the guise of being a security update, stable was not
vulnerable to the exploit before the update.

Jamin W. Collins

Remember, root always has a loaded gun.  Don't run around with it unless
you absolutely need it. -- Vineet Kumar

Reply to: