[Secure-testing-team] DTSA announcements

Thijs Kinkhorst thijs at debian.org
Sun Sep 2 08:12:46 UTC 2007


On Sun, September 2, 2007 04:40, Steffen Joeris wrote:
>> For removed packages, there is the problem that (AFAIK) the release
>> team sometimes removes packages temporarily to ease transitions. This
>> could be confusing for the users. Should the information about removed
>> packages be included?
> If the package is removed from testing, it does not mean that the user
> removes it from their installation, therefore the issue is not fixed.
> Because of that, I would not include this information.

I would include it, but not with the claim that the issue is thereby
"fixed". If we tell the admin that we decided to remove a package from the
distribution because it's not secure, that admin can decide for himself
whether to: also uninstall the package, take other action to secure it or
decide that the risk is acceptable/not applicable.

If we leave the information out entirely, they are not prompted and may
just keep on waiting for a security fix (or are ignorant about the problem
entirely).


Thijs



