
Re: Unofficial Debian 'testing' FAQ (was Re: Packages in queue for woody?)



Anthony Towns <ajt@master.debian.org> writes:

> >   1.1  Is testing secure?
> 
> That's not a really well formed question.
> 
>     1.1  How are security updates for testing managed?
> 
>     They're not. [...]
> 
> might give a better way of looking at it.

Yes, that's much better.

> Security updates generally go in automatically under the usual
> rules (and security updates should generally be uploaded with high or
> emergency/critical urgency to make sure the wait's as short as
> possible),

Ah, so higher urgencies can have shorter wait times?  Also, 'as short
as possible' is nice, but it doesn't promise anything; you'd want to
know the maximum wait, rather than the minimum.

> but may be delayed either by architectures failing to build them, or
> because of dependency issues.

Ok, and this is exactly what I'm interested in having explained about
testing.  Theoretically, an urgent security fix could have to wait
forever before it enters testing?  Security fixes for non-x86
architectures seem to be even more at risk of a longer wait.

> I don't know of any way to make testing significantly more secure without
> either (a) breaking it, or (b) having some people spend significant amounts
> of time tracking the issues.

Yes, that seems to be the dilemma right now.

Greetings,

Jan.

-- 
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond - The music typesetter
http://www.xs4all.nl/~jantien       | http://www.lilypond.org


