
Bug#764982: Sensible discussion



> Paul van der Vlis <paul@vandervlis.nl> (2015-04-19):
>> Cyril Brulebois wrote:
>> > Packages sometimes bitrot in backports, with unfixed security issues,
>> > up to the point they get removed. That can also happen because they're
>> > not supportable anymore (e.g. owncloud in wheezy-backports). Now we
>> > have debian-security-support for pathological cases in stable; does
>> > that work for backports? I'm pretty sure running a no longer supported
>> > owncloud instance is one of the worst things you can do with your
>> > data…
>> 
>> Some packages in stable have the same problem.
>> Take a look at Chromium.
> 
> Are you really not reading what you're quoting? That doesn't help having
> a sensible discussion.

I don't see the big difference. In both cases people did care, but it
was not possible to fix the problems. There was no bitrot, it was too
difficult.

What I think you mean to say is that backports is not officially
handled by the Debian security team.

Do you think the problems in Owncloud would be fixed by the security
team when it was in stable?  I don't think so. But maybe it is sometimes
correct for some less important packages, *because* backports is not
much used.

And I think there is a difference between packages that are in stable
and in backports, and packages that are only in backports.
When packages are only in backports, the focus is much more on
backports, and the security support of the maintainer will be better.

And it is easier to fix problems in backports than in stable, because
you can use a newer version of upstream. Except in case of a freeze, but
then there is security support for testing.

With regards,
Paul van der Vlis.


-- 
Paul van der Vlis Linux systeembeheer, Groningen
http://www.vandervlis.nl

