-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am Mittwoch, 5. Februar 2003 12:12 schrieb Paul Cupis: > If you want to run testing and get security updates, then either help > ensure the that glibc gets into testing in good time (et cetera) so that > security uploads into sid move into testing with only a 2 day delay, or > keep an eye on the security problems and temporarily pull the fixed > packages from sid until they move into testing themselves.
That's what I do currently. Security-Announcement lack one thing, though: the use the name for the source package, not the one for the binary package. E.g. the latest dhcp3 issue was only with dhcp3-relay, not all dhcp3 packages. But e.g. the newer cups packages was a little bit more work, because pulling that one also involved gs-esp, puh. BTW: what would be the "amount of additional work"? Mostly, the fixed packages compile in testing without a hick and thus the packages would only have to be compiled. I always thought that this was kind of automated... BTW: what is all this fuzz about libc6-2.3? Are there any package that actually _requires_ this newer lib? No? Then why holding back? gcc-transition? But what about the non-C++ packages? Strange... HS - -- Mein GPG-Key ist auf meiner Homepage verfügbar: http://www.hendrik-sattler.de oder über pgp.net PingoS - Linux-User helfen Schulen: http://www.pingos.schulnetz.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+QS44zvr6q9zCwcERAlaXAJ4jM3L9Y5/Mv8JLZQso4bMobU0uRgCeJ+PC N92kUZ1uj8weKLhsdJoVpHA= =rhQZ -----END PGP SIGNATURE-----