On Fri, Sep 29, 2000 at 05:35:47PM +0100, Adrian Bridgett wrote:
> For important packages I'd say leave it _at least_ a year before stopping
> security fixes for important programs (such as *ftpd but _not_ quake).

Well, someone who cares is welcome to continue maintaining security-updates
for slink or hamm or bo, or whatever. I'd guess the security team don't have
the time or inclination to do this, and I'd also guess that there's at best
a low probability of them accepting new and unproven members at the drop of
a hat, so this would probably have to be done somewhat outside debian at
least for a while. But I doubt it would be particularly difficult to arrange.

> Users should upgrade when they want to, not due to lack of security fixes.

Well, note that there's much less disincentive to upgrade with Debian than
with most products: it's largely automated, it's free, and we go to a great
deal of effort to support partial upgrades.

> I think one way to manage this is to get a more automated build system. How
> about trying to work around to only having packages compiled on build boxes
> - maintainers can only upload diffs and tarballs?

The problem with this is that any extra automated tools won't be in slink:
they'll be in potato or woody, so you won't be able to make use of them when
recompiling slink packages.

Backporting fixes to something a few revisions old is also generally
non-trivial and non-automatable. Adding new versions of things is all very
well until they start relying on new versions of other stuff too.

> Then by uploading a patch, some automation might be possible and most
> certainly the amount of effort taken would be reduced - just upload the
> changes and watch all platforms get recompiled automatically....

And when the changes aren't clean? Or when the builders don't have the right
dependencies installed (remember, pre-woody doesn't have consistent
build-dependencies and pre-slink doesn't even have apt officially)?

Cheers,
aj

--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

``We reject: kings, presidents, and voting.
  We believe in: rough consensus and working code.''
                                      -- Dave Clark