Hi I'm the maintainer of the harden-*flaws packages. The idea is to have conflicts with packages that are known to have security holes. This is not a big problem for unstable (and mostly for testing) but now woody have become stable.
So I now ask you what you think. Should I upload updated conflicts for woody or should I just let it be as is (the packages are then quite useless in woody). Or should I upload new ones. With which priority and for what distribution name? "woody-proposed-updates", "woody", "woody-security-updates" or what? It would be great if this could be updated along with new DSA:s being released (yes I can hopefully help with this) but it also means that I have to move the CVS for the package (and possibly split it to a flaw-related and a non-flaw-related source package. I have prepared new harden packages (for woody, the sid ones is of course already uploaded) with a updated conflict list (mostly based on the DSA:s) that I could upload anytime. But first I have to ask if this is ok. The woody version differs some from the unstable version because of the fact that different versions is applicable and different version was fixed. Regards, // Ola -- --------------------- Ola Lundqvist --------------------------- / [EMAIL PROTECTED] Björnkärrsgatan 5 A.11 \ | [EMAIL PROTECTED] 584 36 LINKÖPING | | +46 (0)13-17 69 83 +46 (0)70-332 1551 | | http://www.opal.dhs.org UIN/icq: 4912500 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------