[Secure-testing-team] DTSA advisory format

Joey Hess joeyh at debian.org
Sun Aug 28 17:32:03 UTC 2005


Anthony DeRobertis wrote:
> Moritz Muehlenhoff wrote:
> 
> > - The install recommendation uses apt-get install foo. So we'd need to
> >   specify a list of all binary names here to properly install the update.
> >   Shouldn't we just recommend dist-upgrade instead? (If people use the
> >   testing security apt repo they don't have to cherry pick fixes)
> 
> apt-get dist-upgrade might very well pull in a lot of stuff which isn't
> related to the update (considering testing changes nightly, this is
> fairly likely).

Yes. On the other hand, it's hard to give apt-get install commands that
work in all cases. For example, a DTSA of mozilla will include several
mozilla-* packages, some of which might include some security fixes. But
a user might not have them all installed, so recommending an apt-get
install mozilla-* is not a good idea.

I guess people running testing should be comfortable with an apt-get
upgrade upgrading lots of stuff, so that seems like the best solution to
me.

Especially since security fixes tend to get into testing via normal
means on a daily basis anyway, so users really need to apt-get upgrade
anyway. One thing I have been trying to figure out is whether we should
issue some kind of advisory/summary for those, or just ignore them, or
what.

-- 
see shy jo
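
An added example, not part of the message above: one way to limit an apt-get install line to the packages an advisory fixes that are already installed, which is the mozilla-* problem discussed in the thread. The function names, the package list and the status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. On a real system the status file would be
# produced with: dpkg-query -W -f='${Package} ${Status}\n' > status.txt

# Print the advisory's packages that are fully installed according to the
# saved dpkg-query output in file $1; remaining arguments are package names.
dtsa_installed_subset() {
    status_file=$1; shift
    for pkg in "$@"; do
        # -F: package names may contain regex characters such as '+'
        # -x: match the whole line, so "mozilla" does not match "mozilla-psm"
        if grep -qxF "$pkg install ok installed" "$status_file"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Print the apt-get command for that subset, or nothing when none of the
# fixed packages is installed (removed or config-files-only ones are skipped).
dtsa_install_cmd() {
    subset=$(dtsa_installed_subset "$@" | tr '\n' ' ')
    subset=${subset% }
    [ -n "$subset" ] && printf 'apt-get install %s\n' "$subset"
    return 0
}

# Constructed sample of dpkg-query output.
sample_status=$(mktemp)
cat > "$sample_status" <<'EOF'
mozilla install ok installed
mozilla-browser install ok installed
mozilla-mailnews deinstall ok config-files
bash install ok installed
EOF

# Constructed list of binary packages named by a hypothetical advisory.
dtsa_install_cmd "$sample_status" mozilla mozilla-browser mozilla-mailnews mozilla-psm
```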