Wichert Akkerman <[EMAIL PROTECTED]> writes:
> Installing mailcrypt on security.debian.org would immediately suggest
> that mailcrypt itself has a security problem, which is not true.
> It's a bit of a catch 22.

Well, this is a general problem then, which the security team should
think about. The fact that mailcrypt is in contrib means it's a
little less important in this particular case, but nonetheless, it's a
real problem.

Debian is about a *distribution* and not a random assemblage of
.deb's. The security team exists to support the rapid response to
security needs for the *distribution*, and not just one package.

So my premise is that a user who tracks stable and security should
benefit from security fixes. When the security team does what was
done with gnupg, the *distribution* has not gotten decent security
support, even if one package has.

Perhaps one solution is to split the security archive into two pieces;
one for the actual packages that have security holes, and another for
other packages that must be installed on a stable system in order to
take advantage or otherwise use fully the former.

Thomas