Anthony Towns wrote: > > What I'm wondering is if there is some prodedure we can put in place to > > facilitate the security team in making announcements of security fixes. > > Isn't this essentially the point of setting urgency to "high" in > debian/changelog?
Well, your idea of looking at, and consistently using urgency=high for security updates would make it eaiser for the team to find them. But that's only the first step -- they have to generate an advisory, and for that they have to know what versions the security hole was in, how severe it is, and a general description of it. That's why I thought a template listing those items might be a good idea. (I've also used urgengy=high for updates that fixed very important but non-security-related things.) -- see shy jo
