Most other OS vendors are willing to make updates for errata beyond simple security updates. Often this means minor updates to software packages like web browsers. I believe the community will be better able to help us prepare e.g. bug-free firefox 1.0.5 packages than it will to produce 1.0.4+security packages. I believe these updated packages should be tested as thoroughly as possible and released via security.debian.org and included in the next sarge revision. As an administrator of several hundred Debian workstations, all of which include mozilla, firefox, and thunderbird, I can say that I'd rather see 1.0.5 than see nothing at all, or (IMO just as bad) unofficial packages distributed outside the official Debian update channels.
Whatever solution we choose, I believe it is very important for us to do it within Debian and not rely on backports or some other unofficial channels. As Debian developers, it is our duty to solve this problem, and simply kicking the packages out of Debian or ignoring them from the point of view of updates and security is really no solution at all.
noah