[Secure-testing-team] [RFC] in-d-i upgrades
Thijs Kinkhorst
thijs at debian.org
Thu Jul 3 10:52:25 UTC 2008
Hi Joey,
On Sat, June 28, 2008 22:40, Joey Hess wrote:
> I've been working on a fix for bug #479431, and before I apply it to
> d-i, I want to make you aware of it, since it can have repercussions to
> DSAs and release management.
Thank you for your work on this. I think this adds a significant amount of
proactive security to a Debian installation.
> If you're making a D[T]SA for a package that is installed by
> debootstrap, or of the kernel, or of (some) of the other packages listed at
> <http://release.debian.org/britney/noremove.d/> (d-i* files), you
> will need to keep in mind that d-i will upgrade it to the fixed version
> inside the d-i environment, and that all the issues I list in [1] should
> be avoided.
I've reviewed the list and I think these are all issues we can deal with.
Most of them should never even occur in security updates. It's good to
know about them to keep in mind and I think we can deal with them to
prevent d-i trouble.
cheers,
Thijs
More information about the Secure-testing-team
mailing list