
Re: The New Security Build Infrastructure

Stephen Stafford <stephen@clothcat.demon.co.uk> writes:

>> By the way, handling security updates this way conflicts more and more
>> with the Social Contract in its current form.
> Didn't we already *have* this flamewar recently?

Well, that time, it was generally assumed that Debian won't take
active measures to hide problems from its users.  This is no longer
the case.

> This is the way it is with security, it is that way for some very good
> reasons.

It's the current way with security, and this way is fundamentally
flawed.  I'm sad that Debian now supports this process actively, even
though it requires breaking the Social Contract (at least its spirit).

> We either accept it, or we don't *get* the advance notice and chance
> to release security updates.  That *would* conflict with our social
> contract as it would most definitely *not* be looking after the best
> interests of our users.

Maybe we should poll our users if they want to have Sun Java in main?

Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
