On Mon, June 15, 2009 16:42, Dominic Hargreaves wrote: >> For the oldstable distribution (etch), this problem will be fixed soon. >> > > 2.1.22.dfsg1-8+etch1 has now appeared in the security archive which > appears to fix this problem, but no subsequent advisory has been released. > Is this an oversight?
I'm not sure - the advisory tells us that the updated packages will be released soon, and that's exactly what happened. Point is that we don't have fixed rules for which events lead to a "-2" DSA mail and which don't. Some cases are clear: when we update packages for a regression. In others its always a tradeoff: would a "-2" add more information for our users? We could send such an update mail strictly for each and every change, but this would also add a lot of noise. cheers, Thijs -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
