testing/security (was Re: Debian needs more buildds. It has offers. They aren't being accepted.)

Anthony Towns wrote:
>On Sat, Feb 14, 2004 at 11:06:39AM -0700, Jamin W. Collins wrote:
>> On Sun, Feb 15, 2004 at 03:28:54AM +1000, Anthony Towns wrote:
>> > It's fine that he feels blocked. I feel blocked from getting testing
>> > working as well as it should because the security team aren't willing
>> > to support it. Every now and then I try to convince them to change
>> > their minds. So far they haven't, and don't look like ever doing so,
>> > but that doesn't make them bad people, and no matter what I want a
>> > different answer, or how much I might know about their job, they're
>> > the ones in the best position to make that call. And until I do the
>> > job myself or convince someone else to do it, and demonstrate that
>> > it's doable, I've got no cause to expect _any_ assistance from the
>> > security team.

Exactly -- as opposed to the situation with wanna-build, where people offering 
buildds have cause to expect assistance from the wanna-build access 
controller.  *sigh*

>>> I'm assuming that when you attempt to convince them there is at least
>>> some two way conversation?
>I've asked in the past, I've been told that they don't have
>time. Nothing's changed since then to change that conclusion, so I haven't
>asked again.

I believe that the official policy is that package maintainers -- or even 
NMUers -- can offer security updates for their 'testing' packages, and send 
them to testing-proposed-updates, correct?  This at least allows security 
updates for 'testing' when the security update for 'unstable' is unlikely to 
make it in soon.  It is also a reasonable way to distribute the work.  Or am I 
mistaken about this?

And ... someone ... has authority, ability, and time to look through 
testing-proposed-updates and put things directly into testing, I hope?  
Actually, does anyone, and if so who?  If not, I see the problem....

>People outside of the security team have offered to help,
>but none of them have actually gotten beyond the point of offering to
>actually do anything. I believe the last time we would've discussed this
>was in 2002, and probably then as an aside on a thread in -private.

