On Tue, Mar 20, 2007 at 04:24:59PM -0400, Joey Hess wrote: > Johannes Wiedersich wrote: > > Security support for etch started around the freeze, IIRC. > > Testing has had security support for several years now. > http://secure-testing-master.debian.net/ > > It doesn't work much like the security support for stable, because > testing is not managed like stable is. Feel free to look at the lists of > known unfixed vulnerabilities in stable and testing, and draw your own > conclusions about which is more secure: > http://security-tracker.debian.net/tracker/status/release/stable > http://security-tracker.debian.net/tracker/status/release/testing
it appears to me that there are two paths into testing for security fixes: sid or testing security. Is it possible for a security fix to bypass sid and make it into testing? Obviously there would be some upstream method for dealing with this... I dug through some of those vulnerabilities and couldn't find any that were fixed in etch but not sid, but it seems like it could happen. please educate me A
signature.asc
Description: Digital signature