Re: SCC proposal (was: Re: Questions for the DPL candidates)
On Tuesday 15 March 2005 02:02, John Goerzen wrote:
> Simply making a snapshot -- or posting a set of .debs -- does not make
> Debian stable. See #2, for instance.
See below, please.
> > > 2) Provides no way for such a stable release to be integrated into the
> > > security build system;
> >
> > That's a feature, not a bug: the security team have had ongoing
> > difficulties supporting all those architectures. If there are people
> > willing to do security support for particular architectures, then I'm
> > sure they'll have somewhere to upload to.
>
> The most difficult ones I've heard of are the time it takes to build
> on some archs, which seems rather silly; just release the announcement
> when you have whatever set of main .debs ready and the others can
> build from source if they don't want to wait.
That is the point. Receiving a security update "somewhen" after the advisory
is not "stable" either.
Perhaps I am naive, but unless proven otherwise, I want to believe, that the
security team will still run the patched packages through all of wanna-build
and release whatever was able to build it. I also want to believe that it
will be possible for a few dedicated porters to get into the vendor-sec
circle, but this is a highly sensitive area jeoparding Debians ability as a
whole to release prompt security updates.
Regards, David
--
- hallo... wie gehts heute?
- *hust* gut *rotz* *keuch*
- gott sei dank kommunizieren wir über ein septisches medium ;)
-- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15
Reply to: