[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why not only support Sid and Testing?

Joey Hess <joeyh@debian.org> writes:

> The version numbers from popcon are much more interesting, but also
> heavily skewed by eg, d-i defaulting to installing popcon in etch but
> not in (released versions of) sarge.

Please also be aware that many of us who run stable on hundreds of
production systems don't participate in popcon on our production systems
due to security concerns.  Yes, I know that the amount of data that it
exposes is small, but there's also near-zero benefit from the perspective
of the reporting organization, and it's extremely difficult to make the
case of sending a complete list of installed packages for each machine to
a central repository.  Security people immediately start worrying about
that data being used to discover vulnerable systems.

All the systems on which I run popcon are running testing or unstable
because I only run popcon on my personal workstation and development
systems.  We have hundreds of production servers running Debian stable
that are not reflected in those numbers.

> I do think that we probably have as many if not more users using
> testing+unstable than stable, but at this point that can only be a gut
> feeling, there aren't really good numbers to back it up.

Certainly I have easily a hundred times as many systems running stable as
I do running testing/unstable.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: