testing/security (was Re: Debian needs more buildds. It has offers. They aren't being accepted.)
Anthony Towns wrote:
>On Sat, Feb 14, 2004 at 11:06:39AM -0700, Jamin W. Collins wrote:
>> On Sun, Feb 15, 2004 at 03:28:54AM +1000, Anthony Towns wrote:
>> > It's fine that he feels blocked. I feel blocked from getting testing
>> > working as well as it should because the security team aren't willing
>> > to support it. Every now and then I try to convince them to change
>> > their minds. So far they haven't, and don't look like ever doing so,
>> > but that doesn't make them bad people, and no matter what I want a
>> > difference answer, or how much I might know about their job, they're
>> > the ones in the best position to make that call. And until I do the
>> > job myself or convince someone else to do it, and demonstrate that
>> > it's doable, I've got no cause to expect _any_ assistance from the
>> > security team.
Exactly -- as opposed to the situation with wanna-build, where people offering
buildds have cause to expect assistance from the wanna-build access
>>> I'm assuming that when you attempt to convince them there is at least
>>> some two way conversation?
>I've asked in the past, I've been told that they don't have
>time. Nothing's changed since then to change that conclusion, so I haven't
I believe that the official policy is that package maintainers -- or even
NMUers -- can offer security updates for their 'testing' packages, and send
them to testing-proposed-updates, correct? This at least allows security
updates for 'testing' when the security update for 'unstable' is unlikely to
make it in soon. It is also a reasonable way distribute the work. Or am I
mistaken about this?
And ... someone ... has authority, ability, and time to look through
testing-proposed-updates and put things directly into testing, I hope?
Actually, does anyone, and if so who? If not, I see the problem....
> People outside of the security team have offered to help,
>but none of them have actually gotten beyond the point of offering to
>actually do anything. I believe the last time we would've discussed this
>was in 2002, and probably then as an aside on a thread in -private.