On Fri, Aug 05, 2005 at 08:22:43AM +0200, Marc Haber wrote:
> On Mon, 1 Aug 2005 11:37:11 +0200, [EMAIL PROTECTED] (Marco d'Itri) wrote:
> >On Aug 01, "W. Borgert" <[EMAIL PROTECTED]> wrote:
> >> On Sun, Jul 31, 2005 at 10:07:10PM +0000, Roland Rosenfeld wrote:
> >> > But how do you push the users to remove the package from their
> >> > systems?  In reality they will keep the broken version installed and
> >> > so you have (1) again :-(
> >> Empty package with a higher version number?
> >And exactly how would this help our users?
> 
> It will keep them from using a vulnerable version of the software, and
> will probably encourage them to get a fixed version from outside
> Debian proper (e.g. volatile).
> 

If there is really no chance to get something new in (or remove them), I
would suggest that those packages affected should be allowed to push a
minimal patched package to the security archive that tries to warn the users
about the potential security problems in the package and how to obtain a new
one (e.g. on the default startpage).

-- 
 GPG messages preferred.   |  .''`.  ** Debian GNU/Linux **
 Alexander Sack            | : :' :      The  universal
 [EMAIL PROTECTED]           | `. `'      Operating System
 http://www.asoftsite.org  |   `-    http://www.debian.org

