
Re: Why back-porting patches to stable instead of releasing a new package.



On Sat, Aug 16, 2003 at 03:50:01PM -0400, Matt Zimmerman wrote:
> On Sat, Aug 16, 2003 at 12:45:20PM -0400, Andrew Pimlott wrote:
> > It could be announced as a potential but unverified hole.  Anyway, this
> > whole "decision" thing is overblown for 99% of users.  As long as Debian
> > is careful with stable updates, they should be extremely reliable, and
> > most users shouldn't think twice about installing them.  I suppose the
> > other 1% can do their own research.  I think the benefit in terms of holes
> > closed outweighs the cost of more numerous and less informative updates.
> 
> The reason why many users don't have to think about installing the updates
> is because they trust us to be responsible with our changes.  In cases where
> the stability of the system is critical, updates will still be scrutinized,
> because downtime must be scheduled.  This means that they need to know the
> urgency of the issue.

Installing updates without checking would be very common. With the SSH
update I just went and installed it on all of our machines. If I had known
it would break so many things I would have been more careful (and saved
myself a lot of grief). (Basically, password-less ssh1 keys were no longer
used automatically, breaking many scripts.)

Next time I see an update that upgrades to a completely new version I will
definitely be more careful.

-- 
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> "All that is needed for the forces of evil to triumph is for enough good
> men to do nothing." - Edmond Burke
> "The penalty good people pay for not being interested in politics is to be
> governed by people worse than themselves." - Plato
