Hi, On Freitag, 26. September 2014, Raphael Hertzog wrote: > The annoying part is that the mapping of "release => file to use" changes > over time. There's a one year period where oldstable is the realm of the > security team and only afterwards it gets into dla-needed.txt. > > I wish we could use a unified process. After all dsa-needed.txt already > accepts "package/stable" and "package/oldstable" for the period where the > security team takes care of both. Maybe we could just always use that > scheme...
in the last month or so I came to realise that "the Debian security team
doesnt support LTS as a team, only by individual members" is not really true /
accurate. Or to phrase it differently and more positivly: I thankfully still
see many edits to data/CVE/list which refer to squeeze too! Thats awesome!
So I think LTS has put a little bit more work on the security teams shoulders.
And we should acknowledge / not forget that. (Which I think we do best by
working with them, roughly like we have done so far :)
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
