> Those who choose to run unstable choose to take upon themselves > more responsibility/inconvenience, if they are unwilling to bear that > burden they should not run unstable.
To me this sounds like: Every single unstable user must track debian-security-announce. versus: One unstable user should track debian-security-announce, and do a little bit of work to make every other unstable user's life much easier. But tracking d-s-a isn't enough for unstable, since only (I believe) security fixes for packages in stable are reported there. Again, let me ask: Why is there no "security" bug tag? When a security fix is released, we can then have (for stable, tracking d-s-a): 1. Create a bug report with "security" tag, describing the problem. 2. Close the bug report. -itai
