Dear .debs, I recently wanted to apply security updates to a machine I'd installed from woody pre6 CDs, hardened and upgraded to woody proper. That is, the machine is up-to-date with respect to
deb ftp://ftp.debian.org/debian stable main deb ftp://non-us.debian.org/debian-non-US stable/non-US main and iptables drops everything but DNS to my provider's DNS servers and HTTP (drops incoming connection requests). # There's some more to the hardening bit, but that's not relevant. Before applying the upgrades I checked whether there was a DSA for the packages that were going to be upgraded. Surprise, there were several that did not (seem to) have a corresponding DSA. Question: Is that normal and OK? Packages in question are, amongst others, fetchmail-ssl, kmail, kppp, korn, kit ksirc and several other KDE packages. Since there are DSA's for openssl and kdelibs, my guess is that the aforementioned packages are "just" recompiles against the fixed libraries. Should there not be DSA's for that as well? After all, the package seems to be affected by the security issue to some extent (otherwise recompilation is rather pointless). TIA, -- Olaf Meeuwissen EPSON KOWA Corporation, ECS GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90 LPIC-2 -- I hack, therefore I am -- BOFH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]