Re: Updating scanners and filters in Debian stable (3.1)

To: Colin Watson <cjwatson@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Updating scanners and filters in Debian stable (3.1)
From: Thomas Bushnell BSG <tb@becket.net>
Date: 06 Oct 2004 09:42:30 -0700
Message-id: <[🔎] 87r7obvlvt.fsf@becket.becket.net>
In-reply-to: <[🔎] 20041005195220.GE12265@riva.ucam.org>
References: <[🔎] 20041004150603.GC32527@www.lobefin.net> <[🔎] 20041004213647.GA16999@mails.so.argh.org> <[🔎] 20041004214419.GA31875@cirrus.madduck.net> <[🔎] 20041004214419.GA31875@cirrus.madduck.net> <[🔎] 20041004214759.GD16999@mails.so.argh.org> <[🔎] E1CEb7V-0000RP-00@chiark.greenend.org.uk> <[🔎] 20041005013912.GB8747@www.lobefin.net> <[🔎] 87hdp9rv3a.fsf@becket.becket.net> <[🔎] 20041005163756.GA27512@www.lobefin.net> <[🔎] 87mzz1q8xx.fsf@becket.becket.net> <[🔎] 20041005195220.GE12265@riva.ucam.org>

Colin Watson <cjwatson@debian.org> writes:

> On Tue, Oct 05, 2004 at 12:08:42PM -0700, Thomas Bushnell BSG wrote:
> > Stephen Gran <sgran@debian.org> writes:
> > > I am under the impression that 'normal procedures' does not involve
> > > updating the application to catch new threats.  If I'm wrong, then there
> > > is no need for this entire thread.
> > 
> > Talk to the security team.  Talk to the security team.  Talk to the
> > security team.
> 
> Thomas, that's enough. Other people have legitimate disagreements with
> your preferred approach; rude use of repeated assertion is not going to
> automatically win you the argument.
>
> FWIW, I think that every upload to the security archive should be
> accompanied by a security advisory. I wouldn't be at all surprised if
> the security team felt that uploads that don't merit security advisories
> were an inappropriate use of their archive.

Yes, that's a perfectly reasonable attitude on their part.  It is
tantamount to "these don't require updates" or some such.

I'm not saying we must do it at all.  I'm saying that security is the
responsibility of the security team, and not debian-devel.  Having not
heard from the security team what they think, and this apparent
reluctance to actually ask them and carry on the discussion with thim,
means that it will probably never get addressed.

The over-the-top "so then I'm going to file bugs to have the packages
just removed" is tantamount to "my way or the highway".  By contrast,
I think the whole question is the responsibility of the security team,
and I trust them to do what is appropriate.

Thomas

Reply to:

Follow-Ups:
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Stephen Gran <sgran@debian.org>
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Stephen Gran <sgran@debian.org>
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: martin f krafft <madduck@debian.org>
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Matthew Garrett <mgarrett@chiark.greenend.org.uk>
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Stephen Gran <sgran@debian.org>
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Stephen Gran <sgran@debian.org>
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Updating scanners and filters in Debian stable (3.1)
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: possible mass bug filing: spamassassin 3
Next by Date: Re: possible mass bug filing: spamassassin 3
Previous by thread: Re: Updating scanners and filters in Debian stable (3.1)
Next by thread: Re: Updating scanners and filters in Debian stable (3.1)
Index(es):
- Date
- Thread