Quoting Andreas (2019-12-30 03:44:43) > > > > Binutils is supported upstream > > > > > > that's reassuring. But were is Debian communicating this important > > > bit of information? > > > I am not so sure that it is reassuring. > > > Question is not if upstream supports their own (continuously changing) > > code, but if the stable code distributed with Debian is supported. > > I was supposing that Mark's answer implied that (against general > policies of debian and for reasons unknown to me) in this case > security changes of upstream would be passed on to debian, even if > binutils is "not covered by security support". If this is (probably?) > not the case, the fact that binutils is supported by upstream of > course is of no help. > > It's difficult to swallow that in *stable* debian should leave its > users alone as to the security of such a central peace of software as > binutils. So I'm still hoping to find out that security updates for > binutils in debian stable are in some (maybe unconventional way) > secured.
If it was secured, then command "check-support-status" in package debian-security-support would not list it as "Not covered by security support". If you are still not convinced, then I recommend that you ask Debian security team for further clarification rather than your fellow Debian users here. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature