On 24-01-2018 19:37, Markus Koschany wrote:
> Thanks. How do you catch the case when security updates are part of a
> stable point release?
This requires more effort. Does the package tracker offer a way to
query such information? The only other idea I have right now involves
inspecting the latest entry in changelog.Debian.gz. ("Was the package
uploaded by the maintainer or one of the normal uploaders?") Do you
have other ideas on how a user might know whether a package update
delivered in a stable point release was a security update?
Would it be feasible to make all security updates available via the
security update channel? Then the simple suggested method would be
sufficient. But it is probably infeasible, otherwise it would be done?
If there is no good way, maybe asking your question only for the
packages identified by the proposed method would be acceptable as a
first step, until a reliable approach is developed?
But perhaps Sandro may even be willing to accept a patch based on your
original version string pattern matching, if his other concerns are
addressed. Sandro, what do you think?
