Hello, On Mon, May 10, 2004 at 03:13:03AM -0700, Phil Carmody wrote: > --- Helge Kreutzmann <[EMAIL PROTECTED]> wrote: > > There is testing, solid, very seldom breakages, quite current. No > > security support. > > What do you mean by "no security support"? Simply that, because this is an > actively developed configuration, there's no special support for security > issues, as that's already covered by the standard development cycle that all > packages have?
If in package A a security issue is found, the security team will
release a security update for "stable". The package maintainer will
upload a new version to "unstable". Now, even if the priority is set
to high, it takes a few days to propagate to "testing" -- provided no
new RC bugs are found in the packages or its dependencies.
As an example, kde3 hit testing not to long ago. So, testing users did
not get the security update for kde2 (well, I did not check, maybe the
security update for stable worked in this case), but neither got a new
version since it had not hit testing. This is not against KDE, just to
illustrate the case at hand.
Generally though, it only takes a few days for security updates to
propagate, and a cautios admin could use pinning to selectivly pull in
security related issues even if they have not yet hit testing.
Greetings
Helge
--
Helge Kreutzmann, Dipl.-Phys. [EMAIL PROTECTED]
gpg signed mail preferred gpg-key: finger [EMAIL PROTECTED]
64bit GNU powered http://www.itp.uni-hannover.de/~kreutzm
Help keep free software "libre": http://www.freepatents.org/
pgpB9Aa5WRjyP.pgp
Description: PGP signature
