Matt Zimmerman <[EMAIL PROTECTED]> writes: > On Mon, Sep 30, 2002 at 10:57:18AM +0900, Olaf Meeuwissen wrote: > > > Olaf Meeuwissen <[EMAIL PROTECTED]> (that's me!) writes: > > > > > Dear .debs, > > > > > > I recently wanted to apply security updates to a machine I'd installed > > > from woody pre6 CDs, hardened and upgraded to woody proper. [...] > > > > > > Before applying the upgrades I checked whether there was a DSA for the > > > packages that were going to be upgraded. Surprise, there were several > > > that did not (seem to) have a corresponding DSA. > > > > > > Question: Is that normal and OK? > > This is normal in general, as the stable distribution is updated from time > to time by point releases, which fix critical non-security bugs. However, > woody has not received such an update as yet.
I'd say critical non-security bug fixes should go to proposed-updates, but that's debatable. Nevertheless, I'd expect a DSA for everything that ends up in deb http://security.debian.org/ stable/updates main > > I looked into this a bit more and from the changelogs it seems that it > > really concerned security upgrades. In the case of fetchmail-ssl, the > > woody release shipped with 5.9.11-5, the upgrade is 5.9.11-6 and the > > changelog says: > > Why do you say that woody released with 5.9.11-5? I believe woody released > with 5.9.11-6. Perhaps you did not upgrade all packages to the final woody > versions, and you had an older version from 'testing'? 5.9.11-6 is both in the Packages file for woody and the security updates as I noted in another mail to the list. This got me mixed up. > > For the KDE packages I found out that they all come from the same > > source package: kdenetwork. The woody release shipped 4:2.2.2-14, the > > upgrade is 4:2.2.2-14.0woody1 and the changelog says: > > [...] > > Likewise here. I (as well as Peter Mathiasson in his) see 4:2.2.2-14 in my Packages file for woody. security.d.o has 4:2.2.2-14.0woody1. For the record, I apt-get update'd yesterday from ftp.jp.debian.org, a primary mirror. -- Olaf Meeuwissen EPSON KOWA Corporation, ECS GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90 LPIC-2 -- I hack, therefore I am -- BOFH