W. Borgert <[EMAIL PROTECTED]> wrote: >> (1) keep vulnerable packages in stable, >> (2) remove affected packages from distribution, >> (3) allow new upstream into stable.
> I'ld "vote" for (2), maybe with the goal of creating pressure > towards upstream to take security more serious. But how do you push the users to remove the package from their systems? In reality they will keep the broken version installed and so you have (1) again :-( Tschoeeee Roland -- * [EMAIL PROTECTED] * http://www.spinnaker.de/ * -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]