Re: Updating scanners and filters in Debian stable (3.1)
Stephen Gran <email@example.com> writes:
> Well, the problem is that the procedure that we have is called
> backports.org, or private repositories. I agree that we also have a
> lack of an agreed upon maintenance strategy, but I respectfully disagree
> that we have either a team or an archive at present. I think these
> types of packages are _not_ security related, or at least not in the
> sense for which security.d.o has been used in the past.
The problem is not "find an archive"; the problem is not "find a
team". The problem is "what is the correct maintenance strategy".
Right now we have none, but at least it is at arms-length.
If you want it closer to Debian, then you need a better maintenance
strategy than "we get to make arbitrary upgrades".
If you come up with a maintenance strategy that you and the other
relevant developers are willing to put into place, then presto!
there's your team. And making the repository at that point is
trivia. What is lacking is not the repository, and not the team, but
the concrete policy statement about what maintenance strategy you
So far all I hear is "there are no limits on what possibly
destabilizing changes we will want to make to these packages." In my
opinion, that's not an acceptible maintenance strategy.