On Wed, May 14, 2003 at 10:07:16AM +0300, Chris Leishman wrote: > Actually - I didn't suggest this. I suggested there should be some > consensus on what to do about security problems in testing - my main > suggestion is that packages should be simply removed and the user > notified of what actions they can do to get it back (such as upgrading > to an unstable version, downgrading to a stable version, or fixing the > bugs).
This isn't possible in general; when mysql has a security problem you can't just tell people to (a) not use it, or (b) just run the unstable/stable version anyway, in spite of whatever reasons they based their decision to use testing on in the first place. We already know the right way of dealing with security bugs; we do it for our stable releases. If you care about security and testing, all you have to do is the same thing that's being done there. It's really that simple. Cheers, aj -- Anthony Towns <[EMAIL PROTECTED]> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. ``Dear Anthony Towns: [...] Congratulations -- you are now certified as a Red Hat Certified Engineer!''