On Sun, September 2, 2007 04:40, Steffen Joeris wrote:
>> For removed packages, there is the problem that (AFAIK) the release
>> team sometimes removes packages temporarily to ease transitions. This
>> could be confusing for the users. Should the information about removed
>> packages be included?
> If the package is removed from testing, it does not mean that the user
> removes it from their installation, therefore the issue is not fixed.
> Because of that, I would not include this information.

I would include it, but not with the claim that the issue is thereby "fixed". If we tell the admin that we decided to remove a package from the distribution because it's not secure, that admin can decide for himself whether to: also uninstall the package, take other action to secure it or decide that the risk is acceptable/not applicable. If we leave the information out entirely, they are not prompted and may just keep on waiting for a security fix (or are ignorant about the problem entirely).

Thijs

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

