[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages temporarily disappearing from Testing/Lenny

On 2008-04-15 18:43 +0200, Andrew Sackville-West wrote:

> On Tue, Apr 15, 2008 at 08:45:47AM +0200, Sven Joachim wrote:
>> It is true that sid users should generally check out for grave bugs and
>> security issues of packages they want to install, but the same holds for
>> testing.  After all, buggy packages will not be removed quickly and an
>> update will first be available in unstable before it migrates to
>> testing.
> is it not true that _security_ patches migrate to testing through a
> different route than the one to sid? I kind of picture it like this:
> testing security team "finds" security bug, writes patch and pushes it
> to testing and (Probably?) passing it back upstream as well. THen
> upstream incorporates the fix and it works its way into sid through
> upstream's regular release cycle?

In general, no.  First, the testing security team also works as security
team for unstable: if the maintainer does not react in time and uploads
a fix himself, they usually upload directly to unstable as well.

Secondly, they only upload to testing-security if the fixed package for
unstable is not expected to migrate quickly.  You can see¹ that Iceweasel
has still an unfixed version in testing, while both stable and unstable
have the latest upstream version.  Apparently it did not build on mips
and mipsel.

> I suppose I should shut-up and start reading more about debian
> security...

I'd recommend to start with http://testing-security.debian.net/, that
gives a good overview what this team is about.


¹ http://packages.qa.debian.org/i/iceweasel.html

Reply to: