Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?

2023-08-18 Raphael Hertzog
Hello, On Fri, 21 Jul 2023, Daniel Gröber wrote: > One mention I found is in Raphaël and Roland's DAH (now in CC): > https://debian-handbook.info/browse/stable/sect.apt-get.html#sect.apt-upgrade I also saw your associated bug report. Thanks for highlighting this issue to me. I updated https://sa

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-30 Raphael Hertzog
Hi, On Fri, 30 Aug 2019, Alexander Wirt wrote: > > We're not speaking of crap software, we're just speaking of software that > > can't be maintained multiple years by backports of security patches, where > > we get fixes only with new upstream versions (mixed with new features). > I don't want to

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-30 Raphael Hertzog
On Fri, 30 Aug 2019, Alexander Wirt wrote: > There were several discussions over the last years. And yes, our vision of > backports does not match the vision of those fastpace/not ready for > stable/whatever you call them repos. In our vision debian-backports consists > of new (tested, as in "is in

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-30 Raphael Hertzog
Hi, On Fri, 30 Aug 2019, Pirate Praveen wrote: > Fast Track repo works exactly like current backports except the packages > are added from unstable (or experimental during transitions and freeze) > as they cannot go to testing and hence to current backports. > > As Paul noted earlier, backports t

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)

2019-08-29 Raphael Hertzog
(Note: pkg-security@tracker.d.o is not a valid email, dropped) Hi, On Thu, 29 Aug 2019, Holger Levsen wrote: > > In general, we (Debian) don't have a good answer to this problem and > > virtualbox is clearly a bad precedent. We really need to find a solution > > to this in concertation with the r

Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.

2019-08-29 Raphael Hertzog
Hi, On Thu, 29 Aug 2019, Moritz Mühlenhoff wrote: > The upstream link makes it sound as if they are one of those upstreams > which reject the idea of distributions shipping an older release to > a stable distro. For a tool like radare2 that seems fair enough, so > how about simply excluding it fro

Re: [SECURITY] [DSA 2670-1] wordpress security update

2012-11-07 Raphael Hertzog
On Wed, 07 Nov 2012, Thijs Kinkhorst wrote: > I think we should do this only when it has been shown that applying the > fixes to the current version in stable(-security) is infeasible. Suppose > now a simple XSS is discovered, I would be very much in favour to just > apply that fix. I would as wel

Re: [SECURITY] [DSA 2670-1] wordpress security update

2012-11-07 Raphael Hertzog
Hi, On Tue, 06 Nov 2012, Dominic Hargreaves wrote: > On Fri, May 11, 2012 at 10:41:14PM +0200, Yves-Alexis Perez wrote: > > Several vulnerabilities were identified in Wordpress, a web blogging > > tool. As the CVEs were allocated from releases announcements and > > specific fixes are usually not