On Wed, 2010-05-19 at 01:59 +0900, Osamu Aoki wrote: > Hi, > > On Tue, May 18, 2010 at 12:11:20PM -0400, John A. Sullivan III wrote: > > On Wed, 2010-05-19 at 00:34 +0900, Osamu Aoki wrote: > > > On Mon, May 17, 2010 at 11:07:10AM -0500, Mark Allums wrote: > > > > On 5/17/2010 10:43 AM, Andrei Popescu wrote: > > > > >On Mon,17.May.10, 10:29:57, Mark Allums wrote: > > > > > > > > > >>Backwards. Sid gets no security, AT ALL. Testing get some. > > > > > > > > > >If some issue is fixed for stable the fix is also applied for unstable, > > > > >unless the maintainer is unresponsive or so. In practice this means > > > > >that > > > > >unstable can be in better shape then testing at times. > > > > > > > > > >Regards, > > > > >Andrei > > > > > > > > Thank you. This is contrary to what the main Debian site says in > > > > multiple places, but it is plausible. Good to know. > > > > > > Could you be more specific where you saw them or where you got this > > > impression? So we can make corrective action to reduce confusion. > > > > > > (Sid gets no corresponding "security" repository like > > > stable/updates nor testing/updates because we can upload directly to it > > > any time.) > > > > > > I am thinking to add text to Debian reference to reduce such confusion. > > > > > > Now: > > > If "sid" is used in the above example instead of "lenny", the "deb: > > > http://security.debian.org/ …" line for security updates in the > > > "/etc/apt/sources.list" is not required. Security updates are only > > > available for stable and testing (i.e., lenny and squeeze). > > > > > > (I should have explained better.) > > > > > > New: > > > If "sid" is used in the above example instead of "lenny", the "deb: > > > http://security.debian.org/ …" line for security updates in the > > > "/etc/apt/sources.list" is not required. This is because "sid" > > > (unstable) is always updated whenever security issues are fixed. There > > > is no need to have a separate security update archive for "sid". > > <snip> > > Hmm . . . to someone not more familiar with Debian practices, the new > > version seems more confusing. > > ???? > > > I would read that and think that Sid is > > very secure because it always has the latest security fixes. > > Yes, that what I mean. This is true. > > > If that's > > not what we mean, then perhaps the current version needs only slight > > revision for clarity, e.g., > > English improvement welcome along the reality. > > Sid is secure since security team usually upload fixed packages to both > stable/updates and unstable. (Or simply uploading updated upstream fixes > unstable whilr stable needs DD to fix by a special patch.) > > They tries or trying to do the same for testing but resource limitation > is holding them back. > > Ah, then I misunderstood your previous message to mean Sid did not have the latest and greatest security. Please disregard my babble then :( Thanks - John
-- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1274202600.20211.15.ca...@family.pacifera.com
