[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security in testing


Matt Zimmerman wrote:
> On Wed, May 14, 2003 at 06:35:46PM +0200, Sven Luther wrote:
>> Yes, but this is not something that is clearly said. Many people run
>> testing without even being aware that there may be security issues, or
>> more precisely, that the security issues are orders of magnitude worse
>> than even what is in sid.
> This is documented prominently on the website.  If people do not look
> before they leap, there is little we can do.

Sure we can. We can consider the lack of security updates for testing to
be a bug, and we can fix that bug.

As it is now, testing appears to be a worse leap than unstable WRT
security. That's not a good state of affairs IMHO.

So, how about a testing-updates?
- Developers can upload their source packages to testing-updates/incoming.
- If the package fulfills the criteria for moving to testing (N days, no
more RC bugs), not newer than what's current in unstable, and is buildable
by the other software in testing, it is scheduled for building.
- If the build is successful, it's available for apt-getting from
testing-updates; otherwise the maintainer gets a helpful ;-) email.


Matthias Urlichs  | {M:U} IT Consulting @ m-u-it.de  |  smurf@smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
System restarting, wait...

Reply to: