Re: Sid and security
On Sat, Aug 21, 2004 at 12:27:21PM -0500, John Hasler wrote:
> Someone finds hole and notifies maintainer and/or security team.
> Security is notified if they don't know already.
> Maintainer is notified if he doesn't know already.
> Security team and/or maintainer fixes hole.
> Security team NMU's stable-proposed-updates.
> Maintainer uploads fixed version to Unstable, perhaps before security team
> fixes Stable.
>
> Often the fix for Unstable is to upload the new, fixed upstream version.
> Sometimes the newer version that is already in Unstable doesn't have the
> hole. The fix must be backported for Stable and so Stable can take longer
> to fix then Unstable.
>
> Testing doesn't get fixed until the fixed version propagates to it from
> Unstable.
Thank you, it makes sense now.
Reply to: