Re: The New Security Build Infrastructure
Stephen Stafford <firstname.lastname@example.org> writes:
>> By the way, handling security updates this way conflicts more and more
>> with the Social Contract in its current form.
> Didn't we already *have* this flamewar recently?
Well, that time, it was generally assumed that the Debian won't take
active measures to hide problems from its users. This is no longer
> This is the way it is with security, it is that way for some very good
It's the current way with security, and this way is fundamentally
flawed. I'm sad that Debian now supports this process actively, even
though it requires breaking the Social Contract (at least its spirit).
> We either accept it, or we don't *get* the advance notice and chance
> to release security updates. That *would* conflict with our social
> contract as it would most definitely *not* be looking after the best
> interests of our users.
Maybe we should poll our users if they want to have Sun Java in main?
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org