Re: Second list of suggestions for Debian 3.0r3

To: Martin Schulze <joey@infodrom.org>
Cc: debian-devel@lists.debian.org, Branden Robinson <branden@debian.org>, ed@debian.org, Lionel Elie Mamane <lionel@mamane.lu>
Subject: Re: Second list of suggestions for Debian 3.0r3
From: Adrian Bunk <bunk@fs.tum.de>
Date: Mon, 29 Mar 2004 19:46:40 +0200
Message-id: <[🔎] 20040329174639.GC22291@fs.tum.de>
Mail-followup-to: Adrian Bunk <bunk@fs.tum.de>, Martin Schulze <joey@infodrom.org>, debian-devel@lists.debian.org, Branden Robinson <branden@debian.org>, ed@debian.org, Lionel Elie Mamane <lionel@mamane.lu>
In-reply-to: <[🔎] 20040329161014.GB1655@finlandia.infodrom.north.de>
References: <[🔎] 20040329155101.GV22291@fs.tum.de> <[🔎] 20040329161014.GB1655@finlandia.infodrom.north.de>

On Mon, Mar 29, 2004 at 06:10:14PM +0200, Martin Schulze wrote:
> Adrian Bunk wrote:
> > thanks for commenting on my first list of suggestions for Debian 3.0r3.
> > 
> > Below are some additional suggestions (this time only removal 
> > suggestions):
> > 
> > 
> > Must be removed
> > ---------------
> > 
> > - freeamp #152857
> >   trademark problems
> 
> We disagree.  A "discussion" has been started on debian-legal because
> of this.

I've sent my opinion in the answer to tbm's mail.

But you are the SRM, it's your decision.

>...
> > Other candidates for removal
> > ----------------------------
> > 
> > - gkrellm-newsticker
> >   was removed from unstable with the comment
> >     RoQA; two unfixed security holes; orphaned
> >   should be removed or the security team should check whether a DSA is
> >   appropriate
> 
> The security team needs to decide.
> 
> > - xfree86v3
> >   possibly unfixed security problems
> 
> The security team is fixing stuff with help of Branden.  Hence,
> this should be discussed with the security team as well.
> 
> Also, removing security-buggy packages would not help our users.
> It's even the contrary, since the users would still use the buggy
> version, without an upgrade path unless they upgrade their distribution.
> Hence, removing due to security problems is not a preferred method
> to deal with security issues.

Agreed.

But somthing similar might need to be implemented between stable
releases - the same problem you want to avoid will occur when upgrading
to Debian 3.1.

And in potato smail was the only important package with possible
security problems that was removed and it was explicitely described in
the release notes. Today with the removal of packages from testing every
few days I expect that there will be many security-buggy packages
present in Debian 3.0 that will not be in Debian 3.1.

> Regards,
> 
> 	Joey

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply to:

References:
- Second list of suggestions for Debian 3.0r3
  - From: Adrian Bunk <bunk@fs.tum.de>
- Re: Second list of suggestions for Debian 3.0r3
  - From: Martin Schulze <joey@infodrom.org>

Prev by Date: Re: Bug#239952: kernel-source-2.6.4: qla2xxx contains non-free fi rmware
Next by Date: Re: Release update
Previous by thread: Re: Second list of suggestions for Debian 3.0r3
Next by thread: Re: Second list of suggestions for Debian 3.0r3
Index(es):
- Date
- Thread