On Fri, May 16, 2003 at 09:30:46AM -0400, Matt Zimmerman wrote:
> > Yes, and funnily enough, uploads to -p-u have to be processed by the
> > release manager, either Joey for stable, or me for testing. How's the
> > phrase go? "You suggest distributing the workload, and your concrete
> > suggestions are exactly the opposite of that."
> "So add people." See where this is going?
> With t-p-u, any maintainer can upload their package, review the build logs,
> fix any problems, re-upload, etc. Why would you want the security team to
> do this instead?
One of the paragraphs you didn't quote answered that question:
> > Again, the security architecture is there for a reason: it's so
> > we have a quick, effective way to get security updates out and
> > so we can prepare security updates before they've been publically
> > announced. testing-proposed-updates simply does not manage either of
> > those things, just as stable-proposed-updates doesn't.
security.debian.org is setup for security updates -- it's specifically
designed to get them out as quickly as possible, to announce them,
and to keep the secret if they've not been widely announced.
I don't care if *you* are the person that's doing it, or if it's some
complete newbie to the security team; what I do care about is not wasting
or unnecessarily duplicating the infrastructure we've specifically
designed for this job.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``Dear Anthony Towns: [...] Congratulations --
you are now certified as a Red Hat Certified Engineer!''
Attachment:
pgpGNEUcDhYjK.pgp
Description: PGP signature