Security support for tier-2 (was: Re: Bits (Nybbles?) from the Vancouver release team meeting)
On Monday 14 March 2005 17:18, Sven Luther wrote:
> On Mon, Mar 14, 2005 at 11:12:29AM -0500, David Nusinow wrote:
> > On Mon, Mar 14, 2005 at 09:54:49AM -0600, John Goerzen wrote:
> > > It is not unstable that I am (most) worried about.
> > >
> > > It is the lack of any possibility of a stable release that concerns me.
> > > Even if the people for a given arch were to build a stable etch, it
> > > would have no home in Debian, would suffer from being out of the loop
> > > on security updates, etc.
> > Well, we do know the security team needs help. What I'd love to see is
> > each port have someone on the security team to handle their specific
> > bugs, binary builds and testing. That might scale better and decrease the
> > overall load on the team. This is all in line with what seems to be the
> > central thesis of the proposal: shift more of the core burden to the
> > porters. Of course, this does demand a lot, but the burden has to go
> > somewhere, and the people currently carrying large portions of it are
> > saying they can't do this any more.
> Notice too that the exact same people whose help is needed are those that
> are pissed by this proposal, and whose help has been repeteadly rejected in
> the past.
Sven, is there a specific reason you believe that the proposers will
prevent security-support on scc.d.o for tier-2 arches or are you only
 plus/minus access to embargoed vendor-sec lists, this is a very sensitive
- hallo... wie gehts heute?
- *hust* gut *rotz* *keuch*
- gott sei dank kommunizieren wir über ein septisches medium ;)
-- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15