Re: Proposal: security-patch team for hamm

To: debian-devel@lists.debian.org
Subject: Re: Proposal: security-patch team for hamm
From: Joop Stakenborg <aba@casema.net>
Date: Fri, 2 Jul 1999 10:43:55 +0200
Message-id: <[🔎] 19990702104355.A1333@1dyn171.utr.casema.net>
In-reply-to: <[🔎] oau2rn7d2x.fsf@burrito.fake>; from Adam Di Carlo on Fri, Jul 02, 1999 at 02:58:14AM -0400
References: <199906300204.WAA09161@skyron.harvard.edu> <[🔎] oau2rn7d2x.fsf@burrito.fake>

On Fri, Jul 02, 1999 at 02:58:14AM -0400, Adam Di Carlo wrote:
> Debian mail acct <debian@skyron.harvard.edu> writes:
> 
> > I've a proto-proposal to make: offering security updates for some or all
> > earlier releases in the current "top-level" tree instead of just the current
> > "stable" (i.e. for hamm as well as slink right now).
> [...]
> > So here's the idea: get a smallish set of volunteers who are still running
> > earlier releases (i.e. hamm for now) and who are willing to test exploits &
> > patches/fixes against it, and who will in turn roll the new .deb's when a hole
> > pops up.  Continue to do this until 3.0 comes out, and then drop support for
> > all the 2.x's except the most recent one, and drop that when 3.1 is stable.
> > Repeat for 3.x etc.
> > 
> > Less-ambitious idea: always support the release prior to stable in this way.
> 
> > I really do think that otherwise, many potential debian users might be scared
> > off by how closely it's assumed they'll track the current release tree.
> > (Heck, Linus put out 2.0.37 almost 5 months after 2.2.0 first came out.)
> 
> That was probably Alan Cox, not Linus.  A better example is how Sun is
> still delivering Y2K fixes etc for SunOS 4.x.
> 
> The problem with these proposals is that (a) we don't even really
> maintain stable all that well; trying to have the Debian group also
> maintain hamm/bo/rex (even just security fixes) doesn't seem all
> feasible just from experience; (b) the debian official archive, on
> master.debian.org, doesn't even carry anything but stable/unstable
> (and sometimes frozen), and the infrastructure (debian/changelog,
> dupload, dinstall) doesn't support any distributions other than
> stable/unstable/frozen.
> 
> 

I agree it is fairly difficult to start maintaining older versions
of debian, on the other hand, if security or stability issues come
up for older versions, I think we should try to fix them.
If the debian archive does not support infrastructure for this, we
can decide on some simple mechanism for this, like a dedicated
web-site where packages can be downloaded.

We are a group of 500 developers. There must be some people out there
who are interested in setting this up.

Su, 

Joop
-- 

 Joop Stakenborg PA4TU, ex-PA3ABA <pa3aba@debian.org>
 Linux Hamradio Applications and Utilities Homepage
 http://www.casema.net/~aba

Reply to:

Follow-Ups:
- Re: Proposal: security-patch team for hamm
  - From: Adam Di Carlo <adam@onshore.com>

References:
- Re: Proposal: security-patch team for hamm
  - From: Adam Di Carlo <adam@onshore.com>

Prev by Date: Re: [gnu.misc.discuss,gnu.emacs.gnus] Free software: Packagers vs Developers
Next by Date: Re: tkpaint package (Re: Packages to give away)
Previous by thread: Re: Proposal: security-patch team for hamm
Next by thread: Re: Proposal: security-patch team for hamm
Index(es):
- Date
- Thread