On Fri Sep 26, 2003 at 11:12:26AM +0200, Buchan Milne wrote:

> > Once more. The size of the hole is more important than how often people
> > require you to patch.
>
> Well, then by its history over the past year, sendmail should be the
> first kicked out the distro (3 potential remote root vulnerabilities
> plus another 2 DOS vulnerabilities). And I don't think there is much
> reason feature-wise to choose sendmail over postfix.
>
> I think second on the list would be samba, but I don't suppose anyone is
> going to propose a replacement ... (no, samba-tng doesn't count ...).
>
> BTW, a lot of the issues could be resolved if there were a standard
> mechanism for contrib updates. Vince, I think this was about the time
> you said we could start discussing it?

Ugh. Ok, yes, it needs to be dealt with. I'm just not sure of the best way to handle it. Does klama have chroots for older versions? I'd think for contribs, you only really need to worry about the last one, maybe two, versions. I.e. right now, contribs updates should be limited to 9.2, possibly 9.1.

I do not want contribs in the official updates tree. No discussion on that. It will give the false illusion that contribs is supported, and updates to contribs will be entirely user-driven.

So we can either make a new tree for the mirrors for contribs (I wouldn't be averse to an updates/contribs/[arch]/[ver], but that would preclude me getting involved to some degree).

In my mind, the best solution is to put updates in Club. That way they make it to the Club mirrors and everyone can take advantage of them since non-Club members can also access them. That would be my best solution and my preference. Then I don't have to get involved at all.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
