Re: next debian stable ?
On Tue, Apr 29, 2003 at 11:57:16PM -0700, nate wrote:
> Paul Johnson said:
> > Well, of course security updates make it through, or that would sort
> > of defeat the purpose of security.debian.org...
> I think the poster was referring to the "event" last year where
> a vulnerability was about to be announced but no details on it,
> so everyone was "forced" to upgrade to openssh 3.x. potato had
> openssh 1.x. and there was an openssh 3.x release backported to
> potato to accomodate those that needed the upgrade.
> in the end it turns out potato wasn't even affected, the features
> that were vulnerable weren't even available in the older version.
Yep, that's _exactly_ what I was referring to. Illustrates that while
very uncommon, package updates can happen to stable. Even though this
was done under the guise of being a security update, stable was not
vulnerable to the exploit before the update.
Jamin W. Collins
Remember, root always has a loaded gun. Don't run around with it unless
you absolutely need it. -- Vineet Kumar