Matt Zimmerman <[EMAIL PROTECTED]> wrote:
> On Wed, May 14, 2003 at 10:07:16AM +0300, Chris Leishman wrote:
[vulnerable packages like samba are distributed in testing]
>> Actually - I didn't suggest this. I suggested there should be some
>> consensus on what to do about security problems in testing - my main
>> suggestion is that packages should be simply removed and the user notified
>> of what actions they can do to get it back (such as upgrading to an
>> unstable version, downgrading to a stable version, or fixing the bugs).

> I think that users would react rather negatively to having packages (ones
> that they use) effectively disappear from their system, but the only way to
> be certain is to experiment with the process. You can easily simulate this
> by providing dummy packages in a private repository.
[...]

... but be careful to include the conffiles of the real package in the
dummy-packages - otherwise you'll probably break dpkg-conffile handling.

cu andreas