[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SCC proposal (was: Re: Questions for the DPL candidates)

On Tuesday 15 March 2005 02:02, John Goerzen wrote:
> Simply making a snapshot -- or posting a set of .debs -- does not make
> Debian stable.  See #2, for instance.

See below, please.

> > > 2) Provides no way for such a stable release to be integrated into the
> > >    security build system;
> >
> > That's a feature, not a bug: the security team have had ongoing
> > difficulties supporting all those architectures. If there are people
> > willing to do security support for particular architectures, then I'm
> > sure they'll have somewhere to upload to.
> The most difficult ones I've heard of are the time it takes to build
> on some archs, which seems rather silly; just release the announcement
> when you have whatever set of main .debs ready and the others can
> build from source if they don't want to wait.

That is the point. Receiving a security update "somewhen" after the advisory 
is not "stable" either. 

Perhaps I am naive, but unless proven otherwise, I want to believe, that the 
security team will still run the patched packages through all of wanna-build 
and release whatever was able to build it. I also want to believe that it 
will be possible for a few dedicated porters to get into the vendor-sec 
circle, but this is a highly sensitive area jeoparding Debians ability as a 
whole to release prompt security updates.

Regards, David
- hallo... wie gehts heute?
- *hust* gut *rotz* *keuch*
- gott sei dank kommunizieren wir über ein septisches medium ;)
 -- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15

Reply to: