
Re: security in testing



On Fri, May 16, 2003 at 02:52:15PM +0200, Michael Banck wrote:
> So, what have we got here?
> 
> Three theses:
> 
> On Wed, May 14, 2003 at 07:13:39PM +0200, Sven Luther wrote:
> 
> 1.
> > Well, the documentation says that there is no security for testing, 
> 
> 2.
> > but it does not say that the security of unstable is higher than the
> > one of testing. 
> 
> OK, so testing has "no security" and you wonder why "the security of
> unstable is higher than the one of testing"? Reality check?
> 
> The only conclusion I can draw from these two theses is that you think
> Debian Developers actively upload *backdoors* to unstable, in order to
> get its security below even testing.

???

The problem is that holes in testing and unstable appear at the same
time, but often can only get fixed in unstable.

> 3.
> > Anyway, intuitively testing is supposed to be more stable/secure/
> > better/whatever than unstable, 
> 
> Your intuition seems to be way off. Could you please write down your
> thesis #1 five times and think about your thesis #3 again?

Make a survey, that is what the vast majority of our users think. What I
am saying is that, sure, we say that testing has no security team
working on it, but this is also the case for unstable. People who are
not intimately familiar with the way the testing scripts work and such will
think that ok, testing has no security and may be broken, but it should
be worse in unstable, since after all testing has had some testing
already. Nobody is telling them that testing has any number of known and
documented security holes, which were there for a long time, and that we
have no intention of fixing in a timely fashion.

> > and that is what the people expect. 
> 
> s/people/morons/

Please, stay polite. It is not because you disagree that it gives you
the right to be rude (to me or to our users).

Friendly,

Sven Luther


