| From: | Christoph Berg <myon(at)debian(dot)org> |
|---|---|
| To: | Wim Bertels <wim(dot)bertels(at)ucll(dot)be> |
| Cc: | "pgsql-pkg-debian(at)postgresql(dot)org" <pgsql-pkg-debian(at)postgresql(dot)org> |
| Subject: | Re: separate security tag? |
| Date: | 2025-12-11 11:48:32 |
| Message-ID: | aTqvkMw2Ef6u0hhp@msg.df7cb.de |
| Lists: | pgsql-pkg-debian |
Re: Wim Bertels

> so the question then becomes:
> could it be possible to have a
> security.postgresql.org
> and
> apt.postgresql.org

We could have separate suites foo-pgdg-security instead.

But I think that doesn't really solve the problem because it has too
many sub-dimensions. Say you switched to the apt.pg.o version of
pgbouncer because you wanted a newer feature. Would you later want
only security updates for it? If someone else switches to it later for
another feature, would we have to maintain pgbouncer-feature1-security
and pgbouncer-feature2-security? For the server packages, the
discussion is similar.

This would be a huge extra effort, and the problem space is already
complicated enough. If you want stable stable, use what is in Debian.
If you want newer versions, go with apt.pg.o.

I already try to mention CVEs in the package changelogs, though
sometimes I miss them. I could try to make sure that happens more
often.

Christoph