On Mon, Aug 01, 2005 at 06:06:27AM -0400, Yaroslav Halchenko wrote: > On Sun, Jul 31, 2005 at 11:10:04PM +0400, Nikita V. Youshchenko wrote: > > (1) keep vulnerable packages in stable, > > (2) remove affected packages from distribution, > > (3) allow new upstream into stable. > My 1 cent would be a merge of (2) and (3)... it is more of the > formalization so we woudln't need to think about it on a next occasion > with some other package > > (2) - remove from the stable distribution > (3) - create /rolling-updates or whatever better name would be in a > fashion like /security-updates.
If there really are people who wouldn't want (3) on their systems (and enough of them that we should take notice of them), then I think something along the lines you have suggested is the only reasonable solution. It's not pretty, but it does give people the choice of what to be paranoid about. Cheers, Nick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
