Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED

To: Jan Ingvoldstad <frettled@gmail.com>
Cc: Adrian Bunk <bunk@debian.org>, Alexander Wirt <formorer@formorer.de>, Scott Kitterman <debian@kitterman.com>, debian-backports@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>, debian-admin@lists.debian.org
Subject: Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
From: Raphael Hertzog <hertzog@debian.org>
Date: Wed, 24 May 2017 11:55:45 +0200
Message-id: <[🔎] 20170524095545.ofrazxqhhwemei62@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Jan Ingvoldstad <frettled@gmail.com>, Adrian Bunk <bunk@debian.org>, Alexander Wirt <formorer@formorer.de>, Scott Kitterman <debian@kitterman.com>, debian-backports@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>, debian-admin@lists.debian.org
In-reply-to: <[🔎] CAEffzkxnoVgKCEX67F9MQee0ienvE0oAQ5PRvMFAgdw4xo-abA@mail.gmail.com>
References: <E1dDBZF-0005ji-5b@fasolo.debian.org> <[🔎] 20170523155431.djcji5wm3rypwf52@home.ouaza.com> <[🔎] 20170523212804.mwt3fmjof6k4sgx7@smithers.snow-crash.org> <[🔎] 9AAF6EE4-2BCA-4735-AC45-CA7752036E02@kitterman.com> <[🔎] 20170524040949.6d4flosakcxhzce2@lisa.snow-crash.org> <[🔎] 20170524082519.os6k2k2iz5wxsvxr@home.ouaza.com> <[🔎] 20170524085321.ynod3xdjoaaxp4ph@localhost> <[🔎] 20170524090141.3fw33fiwxifj2bll@home.ouaza.com> <[🔎] 20170524091721.dzwwrj7ommii3n4g@localhost> <[🔎] CAEffzkxnoVgKCEX67F9MQee0ienvE0oAQ5PRvMFAgdw4xo-abA@mail.gmail.com>

On Wed, 24 May 2017, Jan Ingvoldstad wrote:
> Basically: if you need security updates, don't rely on backports, don't put
> things in backports. The backport policy is incompatible with keeping
> systems up-to-date and secure.
[...] 
> I strongly recommend not using backports for anything else, and certainly
> not in production.

This is not in line with DSA's policy. If we need anything newer than
stable for a service hosted by DSA, then we have to use packages in
stable-backports.

This is because backports maintainers are expected to keep the packages
they upload there as secure.

If the rules are not allowing us to do that, then the rules are bad.

That said, just because we need something newer and secure, does not mean
that we always want to track every major update from testing during the
whole lifetime of stable-backports.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to:

Follow-Ups:
- Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
  - From: Adrian Bunk <bunk@debian.org>

References:
- Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
  - From: Alexander Wirt <formorer@formorer.de>
- Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
  - From: Scott Kitterman <debian@kitterman.com>
- Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
  - From: Alexander Wirt <formorer@formorer.de>
- Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
  - From: Adrian Bunk <bunk@debian.org>
- Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
  - From: Adrian Bunk <bunk@debian.org>
- Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
  - From: Jan Ingvoldstad <frettled@gmail.com>

Prev by Date: Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
Next by Date: Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
Previous by thread: Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
Next by thread: Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
Index(es):
- Date
- Thread