[Secure-testing-team] DTSA announcements
Luk Claes
luk at debian.org
Tue Aug 21 16:09:56 UTC 2007
Moritz Muehlenhoff wrote:
> Steffen Joeris wrote:
>> On the other hand, I was wondering,
>> why we stopped sending DTSA announcements.
>
> Because it singles out a couple of packages, while you need to update daily
> anyway. The majority of all testing fixes are coming through regular
> testing migration.
The problem with not sending DTSAs for testing-security is that some
people only want to cherry pick packages from testing-security besides
daily upgrading testing...
> IMO a weekly overview like the SuSE security summaries provide the best
> balance. For up-to-date security overview debsecan is available.
A weekly security summary might indeed also be a good idea.
debsecan needs at least python (besides a MTA when mail is wanted) which
is not always wanted... it's also host based which has some advantages,
but also some disadvantages...
Cheers
Luk
More information about the Secure-testing-team
mailing list