Re: security in testing
On Fri, May 16, 2003 at 04:09:28PM -0400, Stephen Frost wrote:
> * Michael Banck (mbanck@debian.org) wrote:
> > I wouldn't feel like setting up a repository for testing that only
> > clueless people-who-put-every-apt-line-they-see-in-their-sources-list[0]
> > would use.
>
> Others would see what you had done and you could post patches to the BTS
> with the fixes in them, etc.
You seem to be missing something:
I'm not the least bit interested in running a testing-security
repository outside of Debian. Furthermore, I've neither the skill, nor the
time to contribute to something like this integrated to Debian. I've
merely pointed out that such a repository, maintained by a NM outside of
Debian, would not be *anywhere* near an acceptable solution, because of
the reasons I put forth in this thread.
You're saying: "You want security for testing? Do it yourself!"
I'm saying: "Sure, people could do it for themselves, but how would that
benefit Debian as a whole?"
> > 1. See above
> > 2. I don't have the time
> > 3. I'm not running testing
>
> Ah, so, you don't have the time. That would be the reason testing
> hasn't got security updates- not enough skilled people with the time to
> actually *do* it.
Exactly.
> People with the time and skills, DD or not, could provide updates and
> eventually I think these people and updates would be incorporated into
> Debian in a move where Debian would then start officially supporting
> testing.
Like I said, if people like dark, Kamion, vorlon, etc would go forth and
started a testing-security initiative, I'd be thrilled by this. If
<you-know-who> or somebody unknown to the project would come along,
people would say: "So what?" and go away.
> I don't believe Debian should ever do it piecemeal or partially. If
> it's going to be done then it needs to be done completely and we must
> have enough people to do it before we announce that we will.
Exactly.
> > I must be totally missing something. Is one getting the s3kr1t
> > "create-a-repository-key" when you are becoming a DD? Where would these
> > repositories be located? Nobody told me so!
> >
> To create a respository you just need a couple debs and website and the
> tools to create the Packages files, ie: dpkg-scanpackages.
Aha. And what exactly buys you being a DD in this regard? That's the
implementation detail I was talking about earlier. You said
repositories would be easier setup if one was a DD, if I'm not
completely mistaken?
Michael
--
<azathoth> why can't alyssa milano live next door to me, be lonely and
need the satisfaction and fullfillment that only a 20 year old
computer programmer can provide...
* azathoth shakes his fist at god and goes back to his debugging
Reply to: