On 2008-04-15 18:43 +0200, Andrew Sackville-West wrote:

> On Tue, Apr 15, 2008 at 08:45:47AM +0200, Sven Joachim wrote:
>> It is true that sid users should generally check out for grave bugs and
>> security issues of packages they want to install, but the same holds for
>> testing. After all, buggy packages will not be removed quickly and an
>> update will first be available in unstable before it migrates to
>> testing.
>
> is it not true that _security_ patches migrate to testing through a
> different route than the one to sid? I kind of picture it like this:
>
> testing security team "finds" security bug, writes patch and pushes it
> to testing and (probably?) passing it back upstream as well. Then
> upstream incorporates the fix and it works its way into sid through
> upstream's regular release cycle?

In general, no. First, the testing security team also works as security
team for unstable: if the maintainer does not react in time and uploads
a fix himself, they usually upload directly to unstable as well.
Secondly, they only upload to testing-security if the fixed package for
unstable is not expected to migrate quickly.

You can see¹ that Iceweasel still has an unfixed version in testing,
while both stable and unstable have the latest upstream version.
Apparently it did not build on mips and mipsel.

> I suppose I should shut up and start reading more about debian
> security...

I'd recommend to start with http://testing-security.debian.net/, that
gives a good overview of what this team is about.

Regards,
Sven

¹ http://packages.qa.debian.org/i/iceweasel.html