Hi! Thanks to Sven for bringing the thread to my attention.
* Sven Hoexter <s...@timegate.de> [2009-11-19 08:42:49 CET]: > On Thu, Nov 19, 2009 at 02:16:15PM +0700, Sthu Deus wrote: > > I have searched backport, wiki web sites and still can not > > understand: does debian security team works with its packages or > > not? In other words, using stable only and desiring the same > > security quality, I would not use the backports repo? Am i correct? > > backports.org is not under the hands of the Debian security team. Likewise with unstable and testing these days unfortunately. Too little people able to put their efforts into it, overworked and stuff. > Usually backports are based on packages from testing, in case of > security issue uploads based on packages from unstable are allowed > aswell. It's usually the uploader of the backport who is responsible > to care for uploads in case of security issue. So it doesn't hurt if > you keep an eye on the backports aswell that you install. Since you > should install only selected backports where needed you've to monitor > just those very few selected packages. I tried to track it myself and pester people to update their packages, though currently I'm in a bit of time constrain trouble myself and have to priorize other things, it's not like if I wouldn't like to continue on that front. :/ > Additionaly there is a backports-security-announce list where > backporters announce security relevant uploads. And there is support in the security-tracker to look up open issues and pester people that don't update their packages on backports when the fix did finally hit unstable. Fell free to follow the links from <http://security-tracker.debian.org/tracker/> about "Vulnerable packages in backports". > Gerfried: Maybe that's something that should be noted in the FAQ > aswell? Is now, was overdue, and thanks for the prod. :) Rhonda -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
