Re: testing security (was Re: testing and no release schedule
On Thu, Apr 01, 2004 at 04:00:32AM -0500, Nathanael Nerode wrote:
> Matthias Urlichs wrote:
> > Hi, Nathanael Nerode wrote:
> >> I always thought
> >> that "best practice" was for maintainers to make new uploads to unstable
> >> when there's a security update, which they do -- but *also* to make
> >> security uploads to testing-proposed-updates. This doesn't seem to
> >> actually be done very often, unfortunately, even by otherwise very
> >> diligent
> >> maintainers. :-P I'm not sure why -- maybe testing-proposed-updates
> >> simply isn't well-known or well-understood? Or maybe it isn't processed
> >> efficiently?
> > If there are no dependency issues, Priority: high (or even "emergency",
> > which doesn't seem to be that well-known either) works just as well.
> Yeah; there often are dependency issues, of course.
And not to forget the build dependency issues.
The testing scripts ignore build dependencies - and how would you do an
upload of a fixed package to testing if the package's build dependencies
can't be fulfilled in testing?
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed