Quoting Mark Allums (2019-12-30 18:29:07) > > On 12/29/2019 8:44 PM, Andreas wrote: > > I was supposing that Mark's answer implied that (against general > > policies of debian and for reasons unknown to me) in this case > > security changes of upstream would be passed on to debian, even if > > binutils is "not covered by security support". If this is > > (probably?) not the case, the fact that binutils is supported by > > upstream of course is of no help. > > My answer was the naive one, that assumes that the upstream even > cares. Of course Debian adds its own patches and "spin", and upstream > doesn't care about that. Everyone may recall the random number > debacle... Some upstream care about Debian handling integration into Debian of their project. Others think they know better how to integrate their project into Debian than Debian does. And others do not care about their project being well integrated with Debian at all. When Debian declares a project unsupported, it means the user is on their own - i.e. cannot rely on Debian to aid in continued maintenance for the integration of that project into Debian. I think your answer does a disservice to someone asking if there is reason for concern: They want to know if they should do something, and your respons can easily me misunderstood as no action is needed which is plain wrong. YES there is reason for concern EXACTLY because for those projects the USER needs to make sure to investigate if that project is one where upstream offers some alternative maintenance path, or it is a project where upstream expects you to run a less stable (a.k.a. more modern/fresh/shiny) system, or however they expect their project to work reliable, and then the USER needs to act accordingly. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Attachment:
signature.asc
Description: signature