Re: Relaxing testing requirements (was: summarising answers toVancouver critique)

To: debian-devel@lists.debian.org
Subject: Re: Relaxing testing requirements (was: summarising answers toVancouver critique)
From: Gunnar Wolf <gwolf@gwolf.org>
Date: Sat, 19 Mar 2005 09:47:13 -0600
Message-id: <[🔎] 20050319154713.GB13228@gwolf.org>
In-reply-to: <[🔎] 20050318115754.GA13144@localhost.localdomain>
References: <20050314044505.GA5157@mauritius.dodds.net> <"20050316115031.GC533 0"@finlandia.infodrom.north.de> <[🔎] 200503161923.31681@zion.black.co.at> <"2005031 7155148.GA28678"@localhost.localdomain> <[🔎] 20050317172743.GM12322@mails.so.argh.org> <[🔎] 20050318092117.GA23569@localhost.localdomain> <[🔎] 20050318115754.GA13144@localhost.localdomain>

martin f krafft dijo [Fri, Mar 18, 2005 at 12:57:54PM +0100]:
> > The security team is under-staffed *now*, AFAICT; and you want to increase
> > their workload for etch on the assumption that nothing bad will come of it?
> 
> No, I said we should stock the security team, which I meant to read
> as: add more man-power.

Why has this not happened yet? This has been a known problem for quite
a long time...

The answer is simple: Not everybody can become a security team member,
the required technical skills are quite high. There is a VERY high
commitment requirement as well, so even some of the skilled people do
not become part of the security team. Besides _that_, most people
agree that creating new code is more fun than patching existing code,
so even less people step into that position.

Remember this is a volunteer project. I know of no extra volunteers
willing to take up such a task as Security. You repeatedly talk about
adding man-power to it. So... Are you in?

Greetings,

-- 
Gunnar Wolf - gwolf@gwolf.org - (+52-55)1451-2244 / 5554-9450
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

Reply to:

Follow-Ups:
- Security work in Debian (Was: Relaxing testing requirements)
  - From: Petter Reinholdtsen <pere@hungry.com>

References:
- summarising answers to Vancouver critique (was: Re: Bits (Nybbles?) from the Vancouver release team meeting)
  - From: David Schmitt <david@schmitt.edv-bus.at>
- Re: Relaxing testing requirements (was: summarising answers to Vancouver critique)
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: Relaxing testing requirements (was: summarising answers to Vancouver critique)
  - From: martin f krafft <madduck@debian.org>
- Re: Relaxing testing requirements (was: summarising answers to Vancouver critique)
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Re: Required firewall support
Next by Date: Re: The 98% and N<=2 criteria (was: Vancouver meeting - clarifications)
Previous by thread: Re: Relaxing testing requirements (was: summarising answers to Vancouver critique)
Next by thread: Security work in Debian (Was: Relaxing testing requirements)
Index(es):
- Date
- Thread