tech-pkg archive


Re: Bulk packages and security updates



I only remove packages for security issues when new, updated ones have
been made and uploaded.

I don't think we should do that, unless we remove all packages for which
there is an updated version, for any kind of bugfix.  Basically if we
are trying to deny code to someone because of a security concern, I
think we're doing it wrong.

I don't understand. What does "trying to deny code" mean here? Are you saying that after sudo got updated from 1.9.16p2nb2 to 1.9.17p1, the sudo-1.9.16p2nb2 binary packages should be kept along with 2025Q2 packages?

And yes, I think we should remove all packages for which there is an updated version. When updates like php8{1,2,3,4}, is there a reason to keep the old ones?

I always thought that if a change is important enough to have a pullup, it's important enough to have the new version in the current quarter's collection.

John

