Re: Upcoming Debian Releases
"Brian C. White" <bcwhite@verisim.com> wrote:
>> We cannot make a release with a known security bug. We either have to
>> rebuild X 3.1 with a patch or ship with X 3.2.
>
>Here is where we differ. I don't like releasing it as such, but I
>honestly believe that those people who use "stable" will not be at
>much risk from this hole.
I disagree. One of _the_ most important things in any distribution is
security. It is crucial that we not ship packages with known, severe,
exploitable holes - otherwise, Debian's reputation will _really_ go down
the gurgler.

Here at Monash, I see a lot of people dialling in, using PPP, from Linux
boxes. Many of these don't even have a root password! Today's standalone
machine may well be tomorrow's networked box... and if their distribution
is to blame by including a known hole, they _will_ get themselves a
different distribution, and discourage their friends from using Debian.

I could go on, but I firmly believe that it's better to slip another
month and put 3.2 in Debian 1.2 than to ship "on time" with a security
hole of this nature. We aren't Microsoft.