
Re: security in testing



On Thu, May 15, 2003 at 07:30:36PM -0400, Michael Stone wrote:
> On Thu, May 15, 2003 at 07:07:16AM +0200, Sven Luther wrote:
> >But we don't advertize this, so it is natural that people make the
> >mistake and use testing instead of unstable.
> 
> People say this all the time. Then other people go around telling
> everyone to run testing. I'm not sure how to fix misplaced advocacy.

Please, have a look at our announcement when testing was first created.
Read well what _We_, as Debian, said and then tell me that again.

The reality is that _We_ advocated testing as two things :

  1) a release helping tool, with all arches in sync and so on. This has
     served us well, although there is often a big lag, and the loose
     release schedule is a strain on developers who have no good idea of
     how to best schedule their own packaging effort. But all in all, it
     works.

  2) a way for people for which stable is too outdated to run more
     advanced software, without suffering from the breakages of unstable.
     By saying this we clearly imply that it is better to run testing
     than unstable. Sure, this was before we had time to test testing,
     and before we became aware of the big stalls implied, and the fact
     that security-wise testing is worse than unstable. But this, only
     the insiders, and even then, not everyone, is well informed about.

This second goal is today a total failure, it must not need be so,
but it is today, and we are putting many people at risk. And I think
even that this is against the "We won't hide problems" of our social
contract because there is a small step between not being loud enough
about a fact and hiding it.

I still think that the second goal can be achieved. Probably the fact to
use testing-proposed-update for security and RC bugs would be enough, I
don't know, only experience will tell. That said, again, almost nobody
(of the developers) is aware of the fact that we can (and should) use
testing-proposed-update for that.

All in all, this long thread is only a (mis)-communication problem, as
often is, and we would lose less time if we stopped hiding our head in
the sand and stop also to use arguments like 'but you should know' or
'this is not a problem, just ...'.

Friendly,

Sven Luther


