Latest firefox vulnerability
Moritz Muehlenhoff
jmm at inutil.org
Thu Jun 8 14:00:57 UTC 2006
Michael Stone wrote:
> On Thu, Jun 08, 2006 at 02:53:07PM +0100, Steve Kemp wrote:
> >On Thu, Jun 08, 2006 at 09:50:15AM -0400, Michael Stone wrote:
> >>If we can't get backports in a reasonable timeframe, I think we
> >>have to consider backporting a supported version before we let the sarge
> >>packages get into the state the woody packages reached.
> >
> > Wouldn't this be an ideal use for the Volatile repository?
>
> No. We can't just distribute a version with security problems and tell
> people to use some other archive if they need security. If we dropped
> mozilla from the main archive and *only* distributed it from volatile,
> then it would be ok. But we've given our users an expectation that if
> they install main & get security updates form security.d.o, they'll be
> taken care of. We can't just stop doing that. (Although we did it for
> woody, I'd like to think that's an anomoly rather than our new policy.)
I agree it's not an option for Sarge, can we could very well do it
for Etch.
Cheers,
Moritz
More information about the pkg-mozilla-maintainers
mailing list