
Re: Upcoming Debian Releases



"Brian C. White" <bcwhite@verisim.com> wrote:
>> We can not make a release with a known security bug.  We either have to
>> rebuild X 3.1 with a patch or ship with X 3.2 .
>
>Here is where we differ.  I don't like releasing it as such, but I
>honestly believe that those people who use "stable" will not be at
>much risk from this hole.

I disagree. One of _the_ most important things in any distribution is
security. It is crucial that we not ship packages with known, severe,
exploitable holes - otherwise, Debian's reputation will _really_ go down
the gurgler.

Here at Monash, I see a lot of people dialling in, using PPP, from Linux
boxes. Many of these don't even have a root password! Today's standalone
machine may well be tomorrow's networked box.. and if their distribution
is to blame by including a known hole, they _will_ get themselves a
different distribution, and discourage their friends from using Debian.

I could go on, but I firmly believe that it's better to slip another
month and put 3.2 in Debian 1.2 than to ship "on time" with a security
hole of this nature. We aren't Microsoft.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

