Re: [all candidates] Advertising testing and security support

To: debian-vote@lists.debian.org
Subject: Re: [all candidates] Advertising testing and security support
From: Jérémy Bobbio <lunar@debian.org>
Date: Sat, 23 Mar 2013 13:00:16 +0100
Message-id: <[🔎] 20130323120016.GA27498@loar>
Mail-followup-to: debian-vote@lists.debian.org
In-reply-to: <[🔎] 514C4993.3040005@debian.org>
References: <[🔎] 20130319225257.GB6028@loar> <[🔎] 514C4993.3040005@debian.org>

Arno Töll:
> On 19.03.2013 23:52, Jérémy Bobbio wrote:
> > Given that our security support for stable is already not as best as
> > it could be, do you think we should encourage volunteers to be more
> > active in security support for testing?
>
> With due to respect, I disagree. From a user's perspective who
> occasionally interacts with the security team, I beg to differ. The
> security team does a great job, and their work is reliable, trustworthy
> and mostly invisible (which is what it should be, nobody wants to deal
> with conflicting/problematic upgrades during a security update).
> 
> Of course, everything could always be improved - for example I'd like to
> have longer stable support cycles - but given the limited and restricted
> manpower, the result is great.
> 
> I find your remaining judgment of the security team rather insulting
> than an opening of a discussion which is by no means constructive.

This was very ill-worded. Please accept my apologies if I have offended
anyone. Feel free to take the banjos out if you need compensation.

The security team is doing an amazing and fabulous job. Huge kudos to
Yves-Alexis, Dann, Florian, Raphael, Giuseppe, Moritz, Martin, Luciano,
Luk, Nico, Stefan, Thijs.

One of the team great achievements is to tirelessly track which issues
are affecting Debian. And according to the tracker, there's close to 100
packages with open issues in stable at the moment:
<https://security-tracker.debian.org/tracker/status/release/stable>.
That is what I was referring to.

The Debian archive is amazingly large so that is to be expected.
Security issues are not the sole responsability of the security team:
maintainers sometimes also have a hard time backporting fixes to a two
year old code base.

Given the stable security level could probably be enhanced with some
more brains, I was wondering about the security aspect of the "testing
as rolling" plans.

Again, truly sorry if anyone felt disheartened by my previous message.

-- 
Jérémy Bobbio                        .''`. 
lunar@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- [all candidates] Advertising testing and security support
  - From: Jérémy Bobbio <lunar@debian.org>
- Re: [all candidates] Advertising testing and security support
  - From: Arno Töll <arno@debian.org>

Prev by Date: Re: [all candidates] Advertising testing and security support
Next by Date: Re: [all candidates] discussions in -devel
Previous by thread: Re: [all candidates] Advertising testing and security support
Next by thread: Re: [all candidates] Advertising testing and security support
Index(es):
- Date
- Thread