On Tue,18.May.10, 13:49:11, John A. Sullivan III wrote: > > > > May I suggest: > > --- > > If "sid" is used in the above example instead of "lenny", the "deb: > > http://security.debian.org/ …" line for security updates in the > > "/etc/apt/sources.list" is not required as there is no need to have a > > separate security update archive for "sid". This is because "sid" > > (unstable) is *usually* updated whenever security issues are fixed for > > stable. > > > > However, it can happen that the fixes are not applied immediately (e.g. > > the maintainer is waiting for a new version from upstream which fixes > > the issue) or issues exist which do not affect the version in stable or > > testing, in which case Debian will not even issue a DSA. > > --- > > (DSA might need expanding/explaining if not already done in some other > > paragraph) > I thought John Hasler's response was very good. It explained why I was > confused - there are security updates but they are not the same type of > updates as testing and stable receive. Perhaps John's wording should be > included; it clarified a very murky issue for me - John How about this instead of the last paragraph: --- Please note that the Security Team does not monitor unstable. It is up to the individual maintainer to fix the issue. This may under circumstances take longer, e.g. if the maintainer is waiting for a new version from upstream. There are also no Debian Security Advisories (DSA) for issues that are present in the unstable version of a software, but not the versions in stable and/or testing. --- Aoki-san, what do you think, is this getting too long? I also thought about mentioning alternate sources to get security informations (CVEs and such). Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
Attachment:
signature.asc
Description: Digital signature