Re: Freeze Please?
On Thu, Feb 06, 2003 at 07:22:26PM +0100, Marcelo E. Magallon wrote:
> On Fri, Feb 07, 2003 at 12:38:49AM +1000, Anthony Towns wrote:
> > > There are packages with not so trivial bugs stuck in it, and it
> > > has been said over and over again, it contains packages with
> > > security holes.
> > Are you offering to help, or just bitching?
> I was expecting that.
> I'm saying that your assertion that testing is working ok is self
Just bitching then. The word "working" was in quotes for just that reason.
The comment that "you're certainly not saying anything that's news to
anyone", that you've deleted, was likewise.
> If you want to have it more verbosely, I'm saying that testing is a
> nice experiment, but we have found empirical evidence that it does not
> work as well as we hoped initially.
It works exactly as well as we hoped initially, the assumptions it was based
on have proven intensely unreliable. Those assumptions were:
* That we can provide releasable packages in unstable on
a regular, albeit not continual, basis. cf libc6's history
for the past six months.
* That we can have a working installer, and thus working
installation published automatically at regular intervals. We're
actually getting somewhere with this although I'm not sure if
I'm willing to dump that on you.
* That anyone would bother maintaining security updates for
> Or put in another way, if the testing maintainance scripts are working
> ok, why can't we release testing today?
Because we don't have an installer, no one's working on security issues,
and glibc in unstable has been broken since woody's release.
> > Seriously, if you or anyone else wants to do the work to do security
> > updates for testing on a regular basis, everything's in place -- all
> > you have to do is upload the source packages, and work out whether you
> > want to do it like stable security updates (on the separate server,
> > made instantly available, possibly prepared before publication, with an
> > advisory), or just as an "out-of-band" update.
> That's good to know. Do we have testing autobuilders?
Of course we do. "Everything's in place -- all you have to do is upload
the source packages."
> > All this stuff has been in place since the new security architecture
> > came into being
> I have no clue what you are talking about.
Anthony Towns <email@example.com> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``Dear Anthony Towns: [...] Congratulations --
you are now certified as a Red Hat Certified Engineer!''