Re: Updating scanners and filters in Debian stable (3.1)
On Tue, Oct 05, 2004 at 07:54:51AM +0200, martin f krafft wrote:
> also sprach Matthew Garrett <email@example.com> [2004.10.05.0015 +0200]:
> > > We can push neither of them into Debian via security.d.o. No,
> > > sorry, this is not the way stable works.
> > /Should/ it be the way stable works? We have the ability to change
> > that.
> No. It's "stable". It's one of the major features of Debian that we
> do not pull in dependencies but rather backport the fixes. People
> have come to rely on it.
> I consider volatile software a whole new class which cannot fit in
> with the regular "never touch a running system" paradigm because it
> needs to be cutting edge.
> Thus, I would consider it perfectly sensible for Debian to have
> a new archive, e.g. volatile.debian.org, which plays nice with the
> current stable, but which has turnaround times of a couple of days
> at max.
I agree. Security as is currently is perfectly suitable in many
circumstances, and administrator (me for instance) could like the
way things are currently done, i.e. no changes at all and backported
patches for security. Not all the world needs on all boxes an up-to-date
AV, and up-to-date anti-spam (or the latest Mozilla if we would agree
about the opportunity of major upgrades for some selected programs).
The ratio of a reasonable up-to-date volatile.d.o archive segregated
in respect with security.d.o is all in this pov.
Incidentally, volatile could also be used to upgrade stable for interactive use,
which is probably the major reason of obsolescence for stable, but that's
Francesco P. Lovergine