On Wed, Feb 17, 1999 at 11:22:37PM -0500, James A. Treacy wrote: > I'm still leaning toward simply having the security pages link the relevant > page in the Packages section of the web site and deal with linking packages > in proposed-updates directory there. Only security updates are supposed to > make it into that directory so there should be no problem using packages > from there. But there's still the issue of package stability. The stuff in proposed-updates isn't necessarily ready to go into the dist yet. And we have in the past had stuff in the updates dir that wasn't security-related (I don't know if that's still the case.) And that still doesn't address the issue of making it easy to get the package. We don't want to remove reference to the old package until the new package is in stable. So does the package page have an explanation of what the difference between the packages is so people know what to download? Another case is a package with multiple security problems. Let's say the first one is a remote root exploit for a part of the package that is commonly used. This fix makes it to stable in due course. Later, another problem is discovered in a part of the package that is normally not active. I'd like the like on the page for the first security report to reference the stable package, and the link on the later security report to reference the second package. Why? So a person doesn't download a potentially unstable package that fixes a problem that's not relavent to him. > The only problem with the Package section of the web site is it is still > i386 specific. :( That's a big problem, and that's another area I'm not sure how to handle. Perhaps 'download i386' and 'download m68k' buttons? Or seperate entry points? > BTW, Michael, you haven't gotten back to me with any other common phrases > that may be used in the security pages that should have translations. Does > that mean you are happy with the list I posted? I haven't thought of anything else yet. We can always add more later, right? OTOH, what I'm considering for this link thing is a syntax like this: <fixlink package=foo vers=foo dist=stable,unstable,frozen arch=i386,m68k,alpha,powerpc section=e.g.,net> That is, this tag goes ahead and generates the link matrix of dists, source, debs, etc. If that's the case, the some of the multilingual tags would get folded into here. Mike Stone
Attachment:
pgpTNkORKlneB.pgp
Description: PGP signature