
Re: Sid and security



Stefan O'Rear writes:
> Security team finds hole.
> Security team fixes hole.
> Security team NMU's woody-proposed-updates
> Security team contacts maintainer.
> Maintainer applies patch.
> Maintainer uploads to sid.

Someone finds hole and notifies maintainer and/or security team.
Security is notified if they don't know already.
Maintainer is notified if he doesn't know already.
Security team and/or maintainer fixes hole.
Security team NMU's stable-proposed-updates.
Maintainer uploads fixed version to Unstable, perhaps before security team
fixes Stable.

Often the fix for Unstable is to upload the new, fixed upstream version.
Sometimes the newer version that is already in Unstable doesn't have the
hole.  The fix must be backported for Stable and so Stable can take longer
to fix than Unstable.

Testing doesn't get fixed until the fixed version propagates to it from
Unstable.

-- 
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI


