On Wed, Mar 21, 2007 at 12:23:54AM -0400, Joey Hess wrote:
> Andrew Sackville-West wrote:
> > it appears to me that there are two paths into testing for security
> > fixes: sid or testing security. Is it possible for a security fix to
> > bypass sid and make it into testing?
>
> Yes, but multiple instances of human error would have to be involved for
> it to happen, and it would still be marked as unfixed in unstable in the
> BTS if this happened.
>

But is it a foregone conclusion that *every* new security vulnerability
is filed as a bug? I know that occasionally upstream will just fix
something for which there was no announced security advisory from
anybody. I know that in a case like that (new upstream release) the
package will of course go into Sid first. My point is that there would
be no associated bug.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com