
Re: security in testing



On Fri, May 16, 2003 at 01:59:48PM +1000, Anthony Towns wrote:

> On Thu, May 15, 2003 at 10:28:48PM -0400, Matt Zimmerman wrote:
> > Outstanding DSA's are not the matter at hand; 
> 
> Sure they are: if you're complaining that the security team already has
> too much work to do, then it's outstanding DSAs that are exactly the
> problem.  If there aren't any outstanding DSAs, then it'd seem like now
> would be the right time to see about doing a *better* job, rather than
> just the same old one.

No, I'm complaining that you want to funnel additional, unrelated work
through the security team when there is no good reason to do so.

> [...more of the same...]
> > Why don't they upload them to testing-proposed-updates instead?  You
> > have said that it works and all known technical issues have been
> > addressed.  Just give maintainers the power they want.
> 
> Yes, and funnily enough, uploads to -p-u have to be processed by the
> release manager, either Joey for stable, or me for testing. How's the
> phrase go? "You suggest distributing the workload, and your concrete
> suggestions are exactly the opposite of that."

"So add people."  See where this is going?

With t-p-u, any maintainer can upload their package, review the build logs,
fix any problems, re-upload, etc.  Why would you want the security team to
do this instead?

> > No, I'm contending that testing is in development.  
> 
> Are you contending that the stable Debian release *isn't* in development?
> I'm pretty sure that the OpenOffice.org guys are working on some stuff to
> be included in the next stable release.

The stable Debian release is *not* in development.  It is not changing.  The
only way it will change significantly will be when it is *completely replaced*
with a new release.

  development
       n 1: act of improving by expanding or enlarging or refining; "he
            congratulated them on their development of a plan to
            meet the emergency"; "they funded research and
            development"
       2: a process in which something passes by degrees to a
          different stage (especially a more advanced or mature
          stage); "the development of his ideas took many years";
          "the evolution of Greek civilization"; "the slow
          development of her skill as a writer" [syn: {evolution}]

> > It's a daily snapshot.
> 
> That's certainly true. Do you contend that it's impossible to have a daily
> release schedule? How about hourly? Weekly? Monthly? Every two months?
> Six?

There's obviously no hard and fast rule.  It's a tradeoff whether it's more
expedient to patch what's there or let it go into the next release.  If the
next "release" is less than 24 hours away, it doesn't make much sense to
patch the existing release.

-- 
 - mdz


