[Secure-testing-team] updated poppler package
Michael Gilbert
michael.s.gilbert at gmail.com
Mon Feb 21 17:12:21 UTC 2011
On Mon, 21 Feb 2011 11:16:52 +0000, Jonathan Wiltshire wrote:
> On Sun, Feb 20, 2011 at 08:30:25PM -0500, Michael Gilbert wrote:
> > I wonder if it would help to set up a security.debian.org bug tracker
> > (similar to the release.debian.org [0]) so stuff like this doesn't get
> > lost?
>
> This occurred to me recently but actually it didn't fix the problem I had,
> so I didn't take it any further.
>
> In what cases would bugs be filed against this pseudo-package instead of
> against the package with the security issue? or do you envisage using the
> 'affects' feature?
I was thinking that it would be used to categorize/track security
updates in preparation. For example, categories could be
"Stable/oldstable/testing security updates", "Unstable NMUs", etc
(similar to release.debian.org's "Stable proposed updates", etc). That
way non-DDs (and even DDs not on the security team) can easily prepare
an update, send a bug report, and it will be easy for the security team
to better track what is going on at any particular time.
Bug against the original package would be unchanged. In fact the
security.debian.org bugs will usually resolve many other bugs.
An alternative solution would be to add something like a
data/updates-needing-review file to the security tracker.
Personally I think the release.debian.org solution is ideal since it
provides a good avenue for continued dialog, and it just plays well
with the debian infrastructure.
Best wishes,
Mike
More information about the Secure-testing-team
mailing list