Re: Re: how to apply DSA-2157-1
thank you for your prompt response. Edoardo -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d50159d.30...@aspix.it
Some obsolete packages on squeeze-security
Hi, squeeze-security (i386 at least) has the following binary packages which are not in squeeze. They are therefore selected as candidates for install even though they represent an unmaintained branch of code. The i386 packages are listed by way of illustration, although the analysis should perhaps be done for the other archs too. They (at minimum) should probably be removed from squeeze-security (all the other packages were also older than their squeeze counterparts, so should be removed too, which would save the exhaustive analysis on per-binary-package case). This is particularly likely to cause problems for people upgrading, where the obsolete packages are more likely to be selected. gs-aladdin gs kvm-source linux-doc-2.6.30 linux-headers-2.6.30-2-486 linux-headers-2.6.30-2-686-bigmem linux-headers-2.6.30-2-686 linux-headers-2.6.30-2-all-i386 linux-headers-2.6.30-2-all linux-headers-2.6.30-2-amd64 linux-headers-2.6.30-2-common linux-image-2.6.30-2-486 linux-image-2.6.30-2-686-bigmem linux-image-2.6.30-2-686 linux-image-2.6.30-2-amd64 linux-manual-2.6.30 linux-patch-debian-2.6.30 linux-source-2.6.30 linux-support-2.6.30-2 linux-tree-2.6.30 openoffice.org-l10n-lo Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110207171845.ge4...@urchin.earth.li
Re: Some obsolete packages on squeeze-security
Hi Dominic, On Mon, February 7, 2011 18:18, Dominic Hargreaves wrote: squeeze-security (i386 at least) has the following binary packages which are not in squeeze. They are therefore selected as candidates for install even though they represent an unmaintained branch of code. The i386 packages are listed by way of illustration, although the analysis should perhaps be done for the other archs too. Thanks for reporting this. That obsolete packages are not cleaned from the security archive is a known issue which also posed problems for Lenny (e.g. libapache-mod-php4 still present while Apache 1.x had been removed, which caused repeated bugreports and people keeping obsolete packages installed). We've brought this to the attention of the ftpmasters in the past but as it seems they unfortunately didn't yet find the time to solve this structurally, e.g. through a periodic cleaning operation of sorts. I do not blame them for this as they've done tremendous amounts of other work for the security archive last year, and you can't do everthing. FTPmasters: can you please remove below mentioned packages from squeeze-security? A permanent solution would of course be even greater! Thanks, Thijs They (at minimum) should probably be removed from squeeze-security (all the other packages were also older than their squeeze counterparts, so should be removed too, which would save the exhaustive analysis on per-binary-package case). This is particularly likely to cause problems for people upgrading, where the obsolete packages are more likely to be selected. gs-aladdin gs kvm-source linux-doc-2.6.30 linux-headers-2.6.30-2-486 linux-headers-2.6.30-2-686-bigmem linux-headers-2.6.30-2-686 linux-headers-2.6.30-2-all-i386 linux-headers-2.6.30-2-all linux-headers-2.6.30-2-amd64 linux-headers-2.6.30-2-common linux-image-2.6.30-2-486 linux-image-2.6.30-2-686-bigmem linux-image-2.6.30-2-686 linux-image-2.6.30-2-amd64 linux-manual-2.6.30 linux-patch-debian-2.6.30 linux-source-2.6.30 linux-support-2.6.30-2 linux-tree-2.6.30 openoffice.org-l10n-lo Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110207171845.ge4...@urchin.earth.li -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/78f4ad20ba597b966dd6cb541ab38cee.squir...@wm.kinkhorst.nl
Some obsolete packages in squeeze-security
[reposting to ftpmaster on request] Hi, squeeze-security (i386 at least) has the following binary packages which are not in squeeze. They are therefore selected as candidates for install even though they represent an unmaintained branch of code. The i386 packages are listed by way of illustration, although the analysis should perhaps be done for the other archs too. They (at minimum) should probably be removed from squeeze-security (all the other packages were also older than their squeeze counterparts, so should be removed too, which would save the exhaustive analysis on per-binary-package case). This is particularly likely to cause problems for people upgrading, where the obsolete packages are more likely to be selected. gs-aladdin gs kvm-source linux-doc-2.6.30 linux-headers-2.6.30-2-486 linux-headers-2.6.30-2-686-bigmem linux-headers-2.6.30-2-686 linux-headers-2.6.30-2-all-i386 linux-headers-2.6.30-2-all linux-headers-2.6.30-2-amd64 linux-headers-2.6.30-2-common linux-image-2.6.30-2-486 linux-image-2.6.30-2-686-bigmem linux-image-2.6.30-2-686 linux-image-2.6.30-2-amd64 linux-manual-2.6.30 linux-patch-debian-2.6.30 linux-source-2.6.30 linux-support-2.6.30-2 linux-tree-2.6.30 openoffice.org-l10n-lo Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110207181333.gf4...@urchin.earth.li