[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Linux Core Consortium

* Goswin von Brederlow (brederlo@informatik.uni-tuebingen.de) [041212 22:20]:
> Tollef Fog Heen <tfheen@err.no> writes:
> > t-p-u is not uploaded from another host through a mapping.  (Remember,
> > uploads to stable are mapped to stable-security on
> > security.debian.org, then uploaded to stable from that host.  The
> > .changes file however, does not list stable-security, it only lists
> > stable.  And the trivial fix, to drop the mapping won't help either,
> > since then any DD could upload to stable by uploading to
> > stable-security, and we don't want that.)
> >
> > Also, AIUI, t-p-u will mostly be used when there's a newer version in
> > unstable and you can't get the version in unstable in (because of
> > dependencies) or you have to get a fix in immediately, in which case
> > you upload to "unstable testing-proposed-updates", so you don't hit
> > the version skew issue.

> Which is exactly what you have with security. There is a newer version
> in unstable than what you upload.

Not if testing and unstable are in sync. In this case, the upload to
testing-security needs to also go to unstable, and not only to

> The problem seems to be more in rejecting unauthorized uploads to
> testing-security than a version problem.

No, that's easy. Allow security only via scp to queue/unchecked, and not
via anonymous ftp, means only to the few people that have direct access
to ftp-master, including a wrapper for the security team.

   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C

Reply to: