> > It would be very helpful if there was a pseudo-package that conflicted
> > with packages that have known security problems that have been fixed in a
> > later version. That way one could do a regular 'apt-get install
> > task-unstable-security-updates' and cause the upgrade of all the
> > conflicting packages that are currently installed on your system.

Seems like a great idea to me. If the BTS had a "security" tag, then this could be done automatically. A quick look through the debian-devel archives, and I can't find discussion of this tag. Was there some reason it wasn't introduced?

> > Is that possible? Would the security team be willing to maintain such a
> > pseudo-package?
>
> Not really. Our priority is stable; security fixes make it to unstable
> somewhat haphazardly, especially for more obscure architectures. The
> maintenance cost on something like this is prohibitively high.
>
> The answer is just to watch one single list - debian-security-announce.
> That's what it's for :)

I'm not sure I understand the reasoning here. If the answer is to watch the debian-security-announce list, then what prevents someone watching the list from maintaining the proposed virtual package?

-itai