testing/security (was Re: Debian needs more buildds. It has offers. They aren't being accepted.)

To: debian-devel@lists.debian.org
Subject: testing/security (was Re: Debian needs more buildds. It has offers. They aren't being accepted.)
From: Nathanael Nerode <neroden@twcny.rr.com>
Date: Wed, 18 Feb 2004 16:54:34 -0500
Message-id: <[🔎] 200402181654.34590.neroden@twcny.rr.com>

Anthony Towns wrote:
>On Sat, Feb 14, 2004 at 11:06:39AM -0700, Jamin W. Collins wrote:
>> On Sun, Feb 15, 2004 at 03:28:54AM +1000, Anthony Towns wrote:
>> > It's fine that he feels blocked. I feel blocked from getting testing
>> > working as well as it should because the security team aren't willing
>> > to support it. Every now and then I try to convince them to change
>> > their minds. So far they haven't, and don't look like ever doing so,
>> > but that doesn't make them bad people, and no matter what I want a
>> > difference answer, or how much I might know about their job, they're
>> > the ones in the best position to make that call. And until I do the
>> > job myself or convince someone else to do it, and demonstrate that
>> > it's doable, I've got no cause to expect _any_ assistance from the
>> > security team.
Exactly -- as opposed to the situation with wanna-build, where people offering 
buildds have cause to expect assistance from the wanna-build access 
controller.  *sigh*

>>> I'm assuming that when you attempt to convince them there is at least
>>> some two way conversation?
>
>I've asked in the past, I've been told that they don't have
>time. Nothing's changed since then to change that conclusion, so I haven't
>asked again.
I believe that the official policy is that package maintainers -- or even 
NMUers -- can offer security updates for their 'testing' packages, and send 
them to testing-proposed-updates, correct?  This at least allows security 
updates for 'testing' when the security update for 'unstable' is unlikely to 
make it in soon.  It is also a reasonable way distribute the work.  Or am I 
mistaken about this?

And ... someone ... has authority, ability, and time to look through 
testing-proposed-updates and put things directly into testing, I hope?  
Actually, does anyone, and if so who?  If not, I see the problem....

> People outside of the security team have offered to help,
>but none of them have actually gotten beyond the point of offering to
>actually do anything. I believe the last time we would've discussed this
>was in 2002, and probably then as an aside on a thread in -private.

Reply to:

Follow-Ups:
- Re: testing/security (was Re: Debian needs more buildds. It has offers. They aren't being accepted.)
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Re: Python or Perl for a Debian maintainance project?
Next by Date: Re: Debian needs more buildds. It has offers. They aren't being accepted.
Previous by thread: Re: zless?
Next by thread: Re: testing/security (was Re: Debian needs more buildds. It has offers. They aren't being accepted.)
Index(es):
- Date
- Thread