On Fri, Feb 20, 2004 at 01:14:43PM +0100, Gian Piero Carrubba wrote:
But this is not always true. Sometimes the DSA reports "For the unstable
distribution (sid) these problems will be fixed soon."
Why this ?
The security team has nothing to do with sid packages. If a fix is ready
when the advisory goes out the security team may add the sid information
as a curtesy, but the lack of a sid package will in no way delay the
advisory.
Are the fixes *always* be applied to sid packages and then backported ?
That never happens, the security HOWTO should rephrase that. I imagine
that the intent is to say that sid may have a new version installed to
fix a problem, but stable will get a backported patch.
Mike Stone