On Mon, Oct 06, 2003 at 05:54:09PM -0500, Steve Langasek wrote:
> On Mon, Oct 06, 2003 at 10:32:20PM +0200, martin f krafft wrote:
> > also sprach Daniel Jacobowitz <dan@debian.org> [2003.10.06.2220 +0200]:
> > > I beg your pardon? Why do you believe that the _stable
> > > distribution security FAQ_ is relevant to this argument?
>
> > Because it is the only thing I could find that reflects Debian's
> > take on security fixes: feature backports are to be avoided.
>
> That's because it's the position of the *Security Team*, and is
> certainly not binding on other developers who are making changes to
> packages in *unstable*.
It still encapsulates an excellent way of avoiding messes like this, and
maintains the principle of least suprise for users. Finding out that your
Debian kernel source is mostly vanilla, with security fixes, is one thing.
Finding that it's vanilla, plus security fixes, plus whichever kitchen
sinks (sorry, but IPSec can't be anything BUT a kitchen sink patch) the
maintainer likes, but not ones s/he doesn't like, is quite another.
However, Herbert clearly doesn't find this a convincing line of argument
on it's own merits, so it's probably time to just kill this off.
If someone cares enough to do it this way, package it and upload it (and
if ftpmaster denies it, then we have something to talk about). If nobody
cares enough, then - well, nobody cares enough. Makes it pretty simple.
I'd still *rather* have it done more sanely, and intend to do so for the
NetBSD kernel sources, but short of the Technical Committee (who might
quite possibly decide it's fine), there doesn't seem to be much to be done
at this point except correct the situation by way of providing a better
answer.
(I am, however, reminded that it's probably a good idea to go codify
some things in the proposed mini-policy for NetBSD kernels...)
--
Joel Baker <fenton@debian.org> ,''`.
Debian GNU NetBSD/i386 porter : :' :
`. `'
`-
Attachment:
pgpOHl5MNEib5.pgp
Description: PGP signature