Re: Relaxing testing requirements (was: summarising answers toVancouver critique)
martin f krafft dijo [Fri, Mar 18, 2005 at 12:57:54PM +0100]:
> > The security team is under-staffed *now*, AFAICT; and you want to increase
> > their workload for etch on the assumption that nothing bad will come of it?
> No, I said we should stock the security team, which I meant to read
> as: add more man-power.
Why has this not happened yet? This has been a known problem for quite
a long time...
The answer is simple: Not everybody can become a security team member,
the required technical skills are quite high. There is a VERY high
commitment requirement as well, so even some of the skilled people do
not become part of the security team. Besides _that_, most people
agree that creating new code is more fun than patching existing code,
so even less people step into that position.
Remember this is a volunteer project. I know of no extra volunteers
willing to take up such a task as Security. You repeatedly talk about
adding man-power to it. So... Are you in?
Gunnar Wolf - firstname.lastname@example.org - (+52-55)1451-2244 / 5554-9450
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF