Thomas Bushnell BSG <tb@becket.net> writes: > If a security bug were found in the afs client-side package, which is > implemented as a kernel module, would the announcement not look just > like the one we saw for DSA 1458-1? Correct. See, for example: http://www.debian.org/security/2007/dsa-1271 and note the third paragraph. -- Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>