
Re: Release



If we ship with a security bug, we will have a probable solution to the
bug, namely update to the 3.2 X packages which are available in the
unstable release.  Of course, some would say that is irresponsible,
since if we have tested enough to guarantee that works, we should ship
it as stable.  I don't like having a security bug, but I believe that
it is available in 1.1 Debian, so we won't be adding a security bug by
shipping 1.2 with the bug still in place.  We will, however, be fixing
many other problems, and including a probable fix to the security bug.

Changing something as important as the X packages requires at least a
month of testing.  It is less responsible to fix an inadequately
tested package in 2 weeks than to release a package with known and
documented bugs now.

bruce@pixar.com (Bruce Perens) writes:

> 
> Fine, but we need some criteria for the go/no-go decision. For one thing,
> I'm loath to ship with known security bugs. Security bugs get lots of
> publicity. Responsible-sounding organizations post notices pointing to
> them, and listing the name of our distribution along with "currently no
> solution", and then they list all the distributions that have the problem
> fixed. But the real problem is that shipping with a known security bug is
> perceived as irresponsible sloppiness, and makes people not trust your
> distribution. Perhaps we should establish a list of what makes us look
> stupid and prioritize it, and use that as our criteria. I still assert
> that security bugs take a higher priority than schedule slips.
> 

-- 
kevin
kevin@aimnet.com

