Re: Security EOL within Debian Stable

2015-02-04 Thread Michael Gilbert
On Wed, Feb 4, 2015 at 8:09 PM, Stephen Dowdy wrote: > So, if a user installs said package, but fails to notice any EOL DSA > on it, the package gets left in place in a potentially VULNERABLE > state. I.E. if a known exploit comes out, and the package is still > installed, the end-user could get a

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Michael Gilbert
On Wed, Feb 4, 2015 at 3:38 PM, Paul van der Vlis wrote: >> The backports team expects backporters to have demonstrated competence >> with the packages that they're planning to upload. Anyone considering >> this should first get involved with the package maintenance teams >> first and help with a

Security EOL within Debian Stable

2015-02-04 Thread Stephen Dowdy
(after contemplating a possible 'chromium' thread hijack, I figured this should be a new thread)... I see a definite problem with the way that package security support gets end-of-lifed in Debian-Stable. Not just chromium and other browsers, but the JDK/JRE packages, historically, as well. I'm n

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Holger Levsen
Hi, On Thursday, 5 February 2015, Paul van der Vlis wrote: > Iceweasel support for oldstable stopped at 24 Mar 2009: > Icedove support for oldstable stopped at 12 Jul 2009: > Icedove security support for oldstable stopped at 09 Mar 2011: > The security support of Iceweasel for oldstable stopped

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Paul van der Vlis
Hi Mike, Thanks for your good work for Debian! On 04-02-15 at 23:48, Mike Hommey wrote: >> In the past, Iceweasel and Icedove never had a year security support >> after a new release. > > I'm curious to know where that's coming from. Iceweasel and Icedove have > always received security support

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Mike Hommey
On Wed, Feb 04, 2015 at 09:38:17PM +0100, Paul van der Vlis wrote: > On 04-02-15 at 15:40, Michael Gilbert wrote: > > On Mon, Feb 2, 2015 at 11:46 AM, Paul van der Vlis wrote: > >> I think it's a good idea to do a backport of the build-system after > >> freeze-time of testing. Then we know what th

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Paul van der Vlis
On 04-02-15 at 15:40, Michael Gilbert wrote: > On Mon, Feb 2, 2015 at 11:46 AM, Paul van der Vlis wrote: >> I think it's a good idea to do a backport of the build-system after >> freeze-time of testing. Then we know what the new build-environment is >> for the coming release. >> >> I can understan

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Florian Weimer
* Russell Coker: > On Sun, 1 Feb 2015 11:18:43 PM Paul Wise wrote: >> chromium was already being backported to wheezy for security updates, >> the latest versions need newer compilers so we can't backport any >> more. > > Why can't we backport the compilers too? You'd have to replace the system l

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Michael Gilbert
On Mon, Feb 2, 2015 at 11:46 AM, Paul van der Vlis wrote: > I think it's a good idea to do a backport of the build-system after > freeze-time of testing. Then we know what the new build-environment is > for the coming release. > > I can understand that Michael does not have the time and motivation