Re: separate security tag?

Re: Wim Bertels
> so the question then becomes:
> could it be possible to have a
> security.postgresql.org
> and
> apt.postgresql.org

We could have separate suites foo-pgdg-security instead.

But I think that doesn't really solve the problem because it has too
many sub-dimensions. Say you switched to the apt.pg.o version of
pgbouncer because you wanted a newer feature. Would you later want
only security updates for it? If someone else switches to it later for
another feature, would we have to maintain pgbouncer-feature1-security
and pgbouncer-feature2-security? For the server packages, the
discussion is similar.

This would be a huge extra effort, and the problem space is already
complicated enough. If you want stable stable, use what is in Debian.
If you want newer versions, go with apt.pg.o.

I already try to mention CVEs in the package changelogs, though
sometimes I miss them. I could try to make sure that happens more
often.

Christoph