On Sun, Jul 31, 2005 at 11:10:04PM +0400, Nikita V. Youshchenko wrote: > (1) keep vulnerable packages in stable, > (2) remove affected packages from distribution, > (3) allow new upstream into stable. ... > What do you think on this?
I'ld "vote" for (2), maybe with the goal of creating pressure towards upstream to take security more serious. Don't forget: The new versions will bring trouble to our poor users, as it's not API nor ABI compatible, has different bugs, etc. Can't Debian + Ubuntu + ... create enough demand for useful security patches? Remember the KDE/Qt licensing discussion... (3) is second best. At least typical server installations are not affected (we use w3m, don't we?) and desktop users are used to frustration anyway. (1) is not an option. Cheers, -- W. Borgert <[EMAIL PROTECTED]>, http://people.debian.org/~debacle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
