Security update process without CVEs

Kevin Kofler kevin.kofler at
Fri Jan 24 12:25:25 UTC 2014

Christopher Meng wrote:
> Which poor sod will be the victim in 7 days at least before pushing to
> stable? ;)
> Then comes another question, does security updates need to be treat as
> special? It's just an original update with a tag "security alert", but
> users still need to wait 7 days unless they enable updates-testing.

Indeed, critical security updates really need to go directly to stable.

We need direct stable pushes back!

        Kevin Kofler

More information about the devel mailing list