On Sun, 2005-01-09 at 16:20 -0500, Tom Allison wrote: > Ron Johnson wrote: > > On Sun, 2005-01-09 at 15:04 +0100, Olaf Conradi wrote: > > > >>On Sun, 9 Jan 2005 11:13:41 -0200, Henrique de Moraes Holschuh > >><hmh@debian.org> wrote: > > > > [snip] > > > >>Most of the development work that is done in Debian, is uploaded to > >>this distribution. This distribution will never get released; instead, > >>packages from it will propagate into testing and then into a real > >>release. Security updates for "unstable" distribution are not managed > >>by the security team. > > > > > > That is misleading. Yes, the Security Team doesn't manage Sid, > > but the maintainers themselves either patch or push thru new versions > > from upstream. > > > > There's nothing misleading about it. mislead != wrong The statement "Security Team doesn't manage Sid" is true, but someone who doesn't know Debian wouldn't know that Sid packages get fixed, too. > It merely states the the Security Team doesn't manage the security > updates for -unstable. If there are major security holes in the Sid, > there isn't anything which would require a short track security update. > If I were a developer managing a package which was found to have a > security problem in all version, it stands to reason that Sid would be > the lowest priority of the three. > > And as such there's no hard requirements that I do anything on a > security fix basis to Sid. For example, given a choice between a > current version patch or a new version that's fixed, you would expect > Stable and Testing to have the patches and Sid to have whatever I feel > like putting into it. That's wrong. Packages filter into testing after being in Sid for some time. Thus, Sid's versions will always get the patches first. > Probably the new version, but that might take a > considerable amount of time to develope. Bull. I'm always seeing new "dash-versions" in Sid. Here are some examples from this command that I just ran: # apt-get update && apt-show-versions -u | sort cupsys-bsd/unstable upgradeable from 1.1.22-5 to 1.1.22-8 cupsys-client/unstable upgradeable from 1.1.22-5 to 1.1.22-8 cupsys/unstable upgradeable from 1.1.22-5 to 1.1.22-8 curl/unstable upgradeable from 7.12.3-1 to 7.12.3-2 debian-reference-common/unstable upgradeable from 1.07-17 to 1.07-18 debian-reference-en/unstable upgradeable from 1.07-17 to 1.07-18 debian-reference/unstable upgradeable from 1.07-17 to 1.07-18 gmailfs/unstable upgradeable from 0.3-1 to 0.3-2 hal-device-manager/unstable upgradeable from 0.4.2-5 to 0.4.2-6 hal/unstable upgradeable from 0.4.2-5 to 0.4.2-6 indent/unstable upgradeable from 2.2.9-5 to 2.2.9-6 jade/unstable upgradeable from 1.2.1-42 to 1.2.1-43 libcupsimage2/unstable upgradeable from 1.1.22-5 to 1.1.22-8 libcupsys2-gnutls10/unstable upgradeable from 1.1.22-5 to 1.1.22-8 libcurl2/unstable upgradeable from 1:7.11.2-11 to 1:7.11.2-12 libcurl3/unstable upgradeable from 7.12.3-1 to 7.12.3-2 libgda2-1/unstable upgradeable from 1.0.4-1 to 1.0.4-2 libgda2-common/unstable upgradeable from 1.0.4-1 to 1.0.4-2 libhal-storage0/unstable upgradeable from 0.4.2-5 to 0.4.2-6 libhal0/unstable upgradeable from 0.4.2-5 to 0.4.2-6 libmusicbrainz2/unstable upgradeable from 2.0.2-9 to 2.0.2-10 libnet1/unstable upgradeable from 1.1.2.1-1 to 1.1.2.1-2 libpgtcl/unstable upgradeable from 7.4.6-5 to 7.4.6-6 libpq3/unstable upgradeable from 7.4.6-5 to 7.4.6-6 libsp1/unstable upgradeable from 1.3.4-1.2.1-42 to 1.3.4-1.2.1-43 libwww-perl/unstable upgradeable from 5.803-1 to 5.803-3 numlockx/unstable upgradeable from 1.0-11 to 1.0-12 openoffice.org-bin/unstable upgradeable from 1.1.3-3 to 1.1.3-4 openoffice.org-evolution/unstable upgradeable from 1.1.3-3 to 1.1.3-4 openoffice.org-gnomevfs/unstable upgradeable from 1.1.3-3 to 1.1.3-4 openoffice.org-gtk-gnome/unstable upgradeable from 1.1.3-3 to 1.1.3-4 openoffice.org-l10n-en/unstable upgradeable from 1.1.3-3 to 1.1.3-4 openoffice.org-mimelnk/unstable upgradeable from 1.1.3-3 to 1.1.3-4 openoffice.org-thesaurus-en-us/unstable upgradeable from 1.1.3-3 to 1.1.3-4 openoffice.org/unstable upgradeable from 1.1.3-3 to 1.1.3-4 postgresql-client/unstable upgradeable from 7.4.6-5 to 7.4.6-6 postgresql-contrib/unstable upgradeable from 7.4.6-5 to 7.4.6-6 postgresql/unstable upgradeable from 7.4.6-5 to 7.4.6-6 python2.3-unit/unstable upgradeable from 1.4.1-8 to 1.4.1-9 quick-reference-en/unstable upgradeable from 1.07-17 to 1.07-18 ttf-opensymbol/unstable upgradeable from 1.1.3-3 to 1.1.3-4 udev/unstable upgradeable from 0.050-2 to 0.050-3 Guess I'd better do an "apt-get upgrade" now... -- ----------------------------------------------------------------- Ron Johnson, Jr. Jefferson, LA USA PGP Key ID 8834C06B I prefer encrypted mail. "You don't want give people a reason to not invite you to the hot parties." Pat Sajak, on being a Republican in Hollywood
Attachment:
signature.asc
Description: This is a digitally signed message part