Hi,

On Tue, 11 Sep 2007, Steffen Joeris wrote:
> I would just add a short comment here:
>
> In case the package got removed, we encourage the admin to remove
> the package as well or take other measures.

This blurb is automatically added if there is a package that is removed:

  The following issues have been "fixed" by removing the (source)
  packages from testing. This probably means that you have to manually
  uninstall the corresponding binary packages to fix the issues. It can
  also mean that the packages have been replaced, or that they have been
  temporarily removed by the release team to make transitions from
  unstable easier.

>> deb http://security.debian.org lenny/updates main contrib non-free
>
> I would also add the normal line for ftp.debian.org here (maybe
> without contrib and non-free). This again makes sure that the people
> have both in and get the packages fixes from migration.

I will add a note (people will have to use their own mirrors anyway).

> I was talking to nion last night and we were unsure about the
> following. The DTSA announcements always included some nice
> additional information and I would guess that sysadmins appreciate
> this information in the announcement. Therefore, we were wondering,
> if we should continue sending out DTSA announcements for uploads to
> testing-security, in addition to this mail. Of course, if there are
> strong objections, we will leave it out.

The problem is that DTSA announcements give the impression that the
uploads to testing-security are more important than the fixes that are
migrating from unstable. But this is misleading. For example, the krb5
fixes were very important but came via unstable. Therefore I am against
different types of announcements.

On Tue, 11 Sep 2007, Nico Golde wrote:
> Not only the description is a nice-to-have but also the
> Subject line of the mail gets a big attention and stripping
> the useful information out there like which package is
> affected doesn't look like a good idea while these summary
> mails are indeed useful. Is there any way to automate DTSA
> announcements? That would be really great since there is so
> much you need to look at that could be made wrong but
> generating the mail out of an .adv file shouldn't be a big
> deal. Do I miss something?

Of course the old announcements contained more information. But this had
to be added by hand (in the .adv file) and is not available for all
issues. If there was some publicly available source for short CVE
summaries, I would include them. But putting the list of packages in the
subject would probably be possible (at least if there are only a few
fixes).

Cheers,
Stefan
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

