
Re: security in testing



* Michael Banck (mbanck@debian.org) wrote:
> You seem to fail to understand that people don't pull security updates
> from Joe-Random-NM-or-not's server. Of course, one can set up a
> repository with testing-security-updates. Whether it would (or should)
> actually be used is another matter.

People pull all kinds of stuff from all kinds of people's servers.  What
you fail to understand is that not being a DD doesn't mean you can't do
the work.

> I'm all for starting, implementing and testing *new* projects outside of
> the current infrastructure before they get transferred to .debian.org.
> But the infrastructure and the procedures *are* there, we just need to
> do it.

So do it.  You don't need it to be part of the current infrastructure,
it doesn't save you much time, as I was trying to point out.

> Huh? How could a DD create a repository somebody else cannot? The only
> place that would be is people.debian.org/~<login>, right? That'll be
> quite a bad place for security updates because I think one still cannot
> pin different repositories at p.d.o to different priorities. Correct me
> if I'm wrong.

You're misunderstanding the comment.  Were you made a DD the only work
you wouldn't have to do to create testing security updates would be to
create the repository.  You'd have to do all the rest, which is where
the real effort is.

> > You took the comment out of context and then replied to it as that.
>  
> I was not aware that you might actually argue about such a minor
> implementation detail. Sure, I could have set up a repository while I was
> writing those lines, but what does an empty repository serve to the
> problem? You seem to say yourself that it actually takes time to provide
> security updates. 

An empty repository is what you'd get if you were a DD.

> Time, and the trust of the other debian developers, the users and
> ideally of the security-team. There are a couple of DDs whose
> security-for-testing-repository would be put instantly into my
> sources.list (if I'd actually run testing). There are a couple of others
> I'd rather install Windows98 at home like my parents urge me to do than
> do that.

Time is certainly needed.  Trust is needed if you want it to be an
official part of Debian.  If you spend the time you'll likely get the
trust after a while if things go well.

	Stephen
