Re: security in testing

To: debian-devel@lists.debian.org
Subject: Re: security in testing
From: Michael Banck <mbanck@debian.org>
Date: Fri, 16 May 2003 21:28:12 +0200
Message-id: <[🔎] 20030516192812.GO23967@blackbird.oase.mhn.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030516184928.GJ8524@ns.snowman.net>
References: <[🔎] pan.2003.05.15.04.22.55.366542@smurf.noris.de> <[🔎] 20030515045007.GB8524@ns.snowman.net> <[🔎] pan.2003.05.15.07.11.11.226352@smurf.noris.de> <[🔎] 20030515125226.GC8524@ns.snowman.net> <[🔎] 20030516130040.GG23967@blackbird.oase.mhn.de> <[🔎] 20030516140657.GH8524@ns.snowman.net> <[🔎] 20030516150448.GL23967@blackbird.oase.mhn.de> <[🔎] 20030516163839.GI8524@ns.snowman.net> <[🔎] 20030516174130.GM23967@blackbird.oase.mhn.de> <[🔎] 20030516184928.GJ8524@ns.snowman.net>

On Fri, May 16, 2003 at 02:49:28PM -0400, Stephen Frost wrote:
> * Michael Banck (mbanck@debian.org) wrote:
> > You seem to fail to understand that people don't pull security updates
> > from Joe-Random-NM-or-not's server. Of course, one can setup a
> > repository with testing-security-updates. Whether it would (or should)
> > actually be used is another matter.
> 
> People pull all kinds of stuff from all kinds of people's servers.  What
> you fail to understand is that not being a DD doesn't mean you can't do
> the work.

I wouldn't feel like setting up a repository for testing that only
clueless people-who-put-every-apt-line-they-see-in-their-sources-list[0]
would use.

> > I'm all for starting, implementing and testing *new* projects outside of
> > the current infrastructue before they get transferred to .debian.org.
> > But the infrastructure and the procedures *are* there, we just need to
> > do it.
> 
> So do it.  You don't need it to be part of the current infrastructure,
> it doesn't save you much time, as I was trying to point out.

1. See above
2. I don't have the time
3. I'm not running testing

oh, and:

4. I would have to get a s/390
 
> > Huh? How could a DD create a repository somebody else cannot? The only
> > place that would be is people.debian.org/~<login>, right? That'll be
> > quite a bad place for security updates because I think one still cannot
> > pin different repositories at p.d.o to different priorities. Correct me
> > if I'm wrong.
 
> You're misunderstanding the comment.  Were you made a DD the only work
> you wouldn't have to do to create testing security updates would be to
> create the repository.  You'd have to do all the rest, which is where
> the real effort is.

> An empty repository is what you'd get if you were a DD.

I must be totally missing something. Is one getting the s3kr1t
"create-a-repository-key" when you are becoming a DD? Where would these
repositories be located? Nobody told me so!

Sorry that I'm not getting this.

Michael

-- 
[0] What's the official abbreviation/jargon term for those people?

Reply to:

Follow-Ups:
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>

References:
- Re: security in testing
  - From: "Matthias Urlichs" <smurf@smurf.noris.de>
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>
- Re: security in testing
  - From: "Matthias Urlichs" <smurf@smurf.noris.de>
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>
- Re: security in testing
  - From: Michael Banck <mbanck@debian.org>
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>
- Re: security in testing
  - From: Michael Banck <mbanck@debian.org>
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>
- Re: security in testing
  - From: Michael Banck <mbanck@debian.org>
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>

Prev by Date: Re: security in testing
Next by Date: Re: Questions regarding utf-8
Previous by thread: Re: security in testing
Next by thread: Re: security in testing
Index(es):
- Date
- Thread