On Thu, Aug 29, 2002 at 02:35:13PM +0200, Ola Lundqvist wrote: > I'm the maintainer of the harden-*flaws packages. The idea is to > have conflicts with packages that are known to have security holes. > This is not a big problem for unstable (and mostly for testing) > but now woody have become stable. > > So I now ask you what you think. Should I upload updated conflicts > for woody or should I just let it be as is (the packages are > then quite useless in woody). Or should I upload new ones. With > which priority and for what distribution name? "woody-proposed-updates", > "woody", "woody-security-updates" or what?
I'm not honestly sure why it helps. Surely in order to see the new harden-*flaws packages, people will have to update, and at that point they will see the new packages anyway? I don't understand why somebody would upgrade harden-*flaws and not the security updates themselves. As far as I can tell, harden-*flaws is only useful for security holes for which no fix is available. -- Colin Watson [EMAIL PROTECTED]
