[Secure-testing-team] DTSA announcements

Moritz Muehlenhoff jmm at inutil.org
Wed Aug 22 16:00:33 UTC 2007


On Tue, Aug 21, 2007 at 06:09:56PM +0200, Luk Claes wrote:
> Moritz Muehlenhoff wrote:
> > Steffen Joeris wrote:
> >> On the other hand, I was wondering, 
> >> why we stopped sending DTSA announcements.
> > 
> > Because it singles out a couple of packages, while you need to update daily
> > anyway. The majority of all testing fixes are coming through regular
> > testing migration.
> 
> The problem with not sending DTSAs for testing-security is that some 
> people only want to cherry pick packages from testing-security besides 
> daily upgrading testing...

That's exactly the problem. In contrast to stable, where all
relevant security fixes are coming through stable-security, only a minor
subset of testing security fixes are coming through testing-security. So,
if there's only a dedicated announcement list, people will pick these and
not notice the ones which have propagated normally. That's why I recommend
an automated summary mail listing all testing-security fixes and the newly
propagated security fixes from unstable. (Which might just as well be sent
daily, I don't care about the frequency).

Cheers,
        Moritz


