On Tue, Apr 30, 2002 at 07:04:06PM +1000, Anthony Towns wrote:
> Unfortunately, that's exactly where we've dropped the ball: the security
> team presently don't have the resources to handle security advisories
> for woody [0]. While there has been a plan in place for roughly a year
> on how to handle this ("rbuilder", for those playing along at home),
> it hasn't been successfully rolled out across more than a handful
> of the architectures we wish to support, and it further doesn't seem
> like trying to rush it now will be particularly effective. As such,
> an alternate arrangement, involving some moderately significant changes
> to the existing autobuilder system are being made, which should become
> active over the next week or so.
> Naturally, we will not be making the woody release until we have a viable
> mechanism for making timely security updates.
Are you (or the security team) able to give us more information about
specifically which architectures rbuilder is still needed for? I can't
recall any directed requests for assistance sent to either the port
lists I follow or to debian-devel. I'm interested in making sure both
that the ports I depend on will have security updates available, and
that other ports have an opportunity to protect their interests as well.
While I've heard it bemoaned that the porters aren't stepping forward to
get rbuilder in place, no member of the security team that was on IRC
when I inquired was able to tell me whether a particular port of
interest even had an rbuilder setup.
Clearly, getting the current autobuilders fixed up to handle the load
should be the top priority; but it sounds like the /wish/ is for this to
be a temporary solution.
Steve Langasek
postmodern programmer
Attachment:
pgpGT2VgHZkN0.pgp
Description: PGP signature