Web lists-archives.com

Re: What can Debian do to provide complex applications to its users?




On Wed, 21 Feb 2018, Vincent Bernat wrote:

>  ❦ 21 février 2018 07:07 +0100, Alexander Wirt <formorer@xxxxxxxxxx> :
> 
> > No, backports doesn't have official security support in the meaning that
> > the team is tracking and looking after security issues in backports.
> > Nevertheless every backporter has to care about security, we do expect that
> > uploaders care about their packages - this does of course include security
> > support.
> 
> The net result for our users is that backports should not be expected to
> be up-to-date with security. It took me approximately one minute to go
> through latest DSA to find an example: Exim in backports is
> 4.89-2+deb9u1~bpo8+1. 4.89-2+deb9u2 has been uploaded in
> December. 4.89-2+deb9u3 has been uploaded in February.
yes, you are completely right. The maintainers responsibility was to upload
this package which he didn't. I just wanted to make the parameters of the
"best effort approach" clear. 

Alex

Attachment: signature.asc
Description: PGP signature