In <pan.2010.11.05.08.38...@gmail.com>, Camaleón wrote: >On Fri, 05 Nov 2010 00:30:11 -0500, Boyd Stephen Smith Jr. wrote: >> There is a third choice, I guess: Ship firefox / thunderbird in >> non-free. Support for non-free is best-effort, which basically means >> that if upstream is willing to fix it then the security team / >> maintainers will package it. This basically results in Debian stable's >> non-free containing software with known security vulnerabilities that >> Mozilla is unwilling to fix. > >How about "volatile"? :-? > >ClamAV packages are there for that precisely reason (they need to be >updated -security fixes- very often).
Firstly, only packages that are already in the official repository are included in volatile. Second, volatile is for packages that need frequent, non-security updates to maintain functionality (at least in the eyes of some users). (Updating the virus signature database is not considered a security update.) Thirdly, the policy of no new upstream versions after release isn't changed for volatile. (It is changed for volatile-sloppy.) Finally, updating the Debian package *more often* is the opposite of coming into trademark compliance. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
signature.asc
Description: This is a digitally signed message part.
