* dapper-backports: something that I as a dapper user assume is optional to subscribe to, and which if subscribed to, gives me new features, etc.
* dapper-security: something that I as a dapper user assume is effectively mandatory to subscribe to, and which if subscribed to, gives me *all necessary* security fixes.
If I understand these correctly, this hole requires that a fixed version go in dapper-*security*; any upload of a new version to dapper-backports is just a nicety and not mandatory.
So what I should be doing, if I understand the two channels correctly, and if the bug is severe enough, is to add a dapper-security task to this bug. Is that correct?
Hrm. Let me clarify the terminology a bit, then:
* dapper-backports: something that I as a dapper user assume is optional to subscribe to, and which if subscribed to, gives me new features, etc.
* dapper-security: something that I as a dapper user assume is effectively mandatory to subscribe to, and which if subscribed to, gives me *all necessary* security fixes.
If I understand these correctly, this hole requires that a fixed version go in dapper-*security*; any upload of a new version to dapper-backports is just a nicety and not mandatory.
So what I should be doing, if I understand the two channels correctly, and if the bug is severe enough, is to add a dapper-security task to this bug. Is that correct?