This one time, at band camp, Thomas Bushnell BSG said: > Colin Watson <cjwatson@debian.org> writes: > > FWIW, I think that every upload to the security archive should be > > accompanied by a security advisory. I wouldn't be at all surprised if > > the security team felt that uploads that don't merit security advisories > > were an inappropriate use of their archive. > > Yes, that's a perfectly reasonable attitude on their part. It is > tantamount to "these don't require updates" or some such. > > I'm not saying we must do it at all. I'm saying that security is the > responsibility of the security team, and not debian-devel. Having not > heard from the security team what they think, and this apparent > reluctance to actually ask them and carry on the discussion with thim, > means that it will probably never get addressed. I thought that 'issues related to the development of debian' was on topic for this list. It is not at all clear to me that this is a security issue, because outdated A/V software usually does not place the server it runs on at risk for compromise. I am trying to discuss if and how these kinds of packages should be distributed, and I rather like the idea of volatile.debian.org. Since we do not at present have a volatile.debian.org, this seems like the best place to discuss it. > The over-the-top "so then I'm going to file bugs to have the packages > just removed" is tantamount to "my way or the highway". By contrast, > I think the whole question is the responsibility of the security team, > and I trust them to do what is appropriate. I think you misunderstood me. I was not intending to stomp my feet and have a tantrum. I honestly do not believe outdated A/V software is useful in the modern internet, and so I don't see why we should ship it if it can't be updated in band. Take care, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
pgp917Ho7i6le.pgp
Description: PGP signature