Ron Johnson wrote:
On Sun, 2005-01-09 at 15:04 +0100, Olaf Conradi wrote:On Sun, 9 Jan 2005 11:13:41 -0200, Henrique de Moraes Holschuh <hmh@debian.org> wrote:[snip]Most of the development work that is done in Debian, is uploaded to this distribution. This distribution will never get released; instead, packages from it will propagate into testing and then into a real release. Security updates for "unstable" distribution are not managed by the security team.That is misleading. Yes, the Security Team doesn't manage Sid, but the maintainers themselves either patch or push thru new versions from upstream.
There's nothing misleading about it.It merely states the the Security Team doesn't manage the security updates for -unstable. If there are major security holes in the Sid, there isn't anything which would require a short track security update. If I were a developer managing a package which was found to have a security problem in all version, it stands to reason that Sid would be the lowest priority of the three.
And as such there's no hard requirements that I do anything on a security fix basis to Sid. For example, given a choice between a current version patch or a new version that's fixed, you would expect Stable and Testing to have the patches and Sid to have whatever I feel like putting into it. Probably the new version, but that might take a considerable amount of time to develope.