Page 1 of 1

LMDE and Security Updates Availability

Posted: Sat Nov 05, 2011 12:41 pm
by ElderDryas
This is a theoretical question, not necessarily applicable to any current situation.

I'm using LMDE-XFCE tracking Latest. I understand the concept behind the 3 tier tracking (and, for what it's worth, think it's a reasonable response), and I understand the current situation with respect to the lack of the normal (?) month-ish updates.

My question is: When a "security update" floats down from the upstream sources, one that is at least a "high impact" update (say, a major Flash vulnerablity, just for example), will the LM team issue an update outside the normal Update Pack cycle, or hold it for the normal UP release?

Re: LMDE and Security Updates Availability

Posted: Sat Nov 05, 2011 10:31 pm
by zerozero
hi,
the concern with the security updates and the update-packs was discussed here some time ago;

the most important part of it is (imho) this:
Clem Says:
September 28th, 2011 at 3:24 pm

@Rovanion: We’ve always favored stability over security. If a security issue is important enough that it requires immediate action we can push it ourselves via the LM repos, or even trigger a new Update Pack just to pick it up.

Re: LMDE and Security Updates Availability

Posted: Sun Nov 06, 2011 12:22 am
by ElderDryas
Fair enough.

Not sure I totally agree with "stability over security", though. This makes one wonder what the threshold is?

Sorry I missed that thread, the title did not trigger my attention during a search for the answer to my question.

Re: LMDE and Security Updates Availability

Posted: Mon Nov 07, 2011 9:18 pm
by zerozero
Not sure I totally agree with "stability over security"
+1

Re: LMDE and Security Updates Availability

Posted: Tue Nov 08, 2011 6:43 pm
by edgarkls

Code: Select all

Not sure I totally agree with "stability over security"

+1
add me in. +2

Re: LMDE and Security Updates Availability

Posted: Thu Nov 17, 2011 11:19 am
by Miloose
+1

If there is one crash in a while with LMDE, it will not be a big issue as long as it is repidly corrected (which is usually the case with Debian). But if there is an attack due to security breachs left open during several weeks, it's the credibility of LMDE that will be attacked.