Re: Linux Core Consortium
* Goswin von Brederlow (firstname.lastname@example.org) [041212 22:20]:
> Tollef Fog Heen <email@example.com> writes:
> > t-p-u is not uploaded from another host through a mapping. (Remember,
> > uploads to stable are mapped to stable-security on
> > security.debian.org, then uploaded to stable from that host. The
> > .changes file however, does not list stable-security, it only lists
> > stable. And the trivial fix, to drop the mapping won't help either,
> > since then any DD could upload to stable by uploading to
> > stable-security, and we don't want that.)
> > Also, AIUI, t-p-u will mostly be used when there's a newer version in
> > unstable and you can't get the version in unstable in (because of
> > dependencies) or you have to get a fix in immediately, in which case
> > you upload to "unstable testing-proposed-updates", so you don't hit
> > the version skew issue.
> Which is exactly what you have with security. There is a newer version
> in unstable than what you upload.
Not if testing and unstable are in sync. In this case, the upload to
testing-security needs to also go to unstable, and not only to
> The problem seems to be more in rejecting unauthorized uploads to
> testing-security than a version problem.
No, that's easy. Allow security only via scp to queue/unchecked, and not
via anonymous ftp, means only to the few people that have direct access
to ftp-master, including a wrapper for the security team.
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C