On Wed, 2007-05-30 at 16:48 -0700, Steve Langasek wrote:
> On Wed, May 30, 2007 at 09:38:16PM +0100, Ben Hutchings wrote:
> > On Tue, 2007-05-29 at 19:46 -0700, Steve Langasek wrote:
> > > On Tue, May 29, 2007 at 11:51:38PM +0100, Ben Hutchings wrote:
> > > > There were some discussions on -private (and possibly here?) earlier in
> > > > the year about quality vs quantity of packages.
>
> > > > It should be clear to most developers that our many packages are not all
> > > > equal in quality; nor are all maintainers. Not everyone is aware that
> > > > packages in a stable release may have serious known bugs - even security
> > > > bugs - that won't get fixed because of overstretched or MIA developers,
> > > > or lack of upstream support.
>
> > > What evidence do you have that serious security bugs "won't get fixed" in a
> > > stable release because of MIA developers?
>
> > Search for "years" in
> > http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=tag&data=security&archive=no&version=&dist=stable&pend-exc=fixed&pend-exc=done&include=security
>
> If I search on
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=tag;data=security;archive=no;dist=stable;pend-exc=fixed;pend-exc=done;include=security;severity=critical,grave,serious
> (since the question was about "serious security bugs"), the only matches are
> listed as "From other Branch", meaning that the versions listed as affected
> in the BTS are not versions present in stable.
<snip>
I'm sorry, I did not use "serious" in the precise sense of the BTS. I
meant that there were bugs that could have serious consequences for some
users, which is true of many bugs with severity = important. Also, this
release is relatively new and has had less time to accumulate bug
reports. sarge is in a worse state.
Ben.
--
Ben Hutchings
The generation of random numbers is too important to be left to chance.
- Robert Coveyou
Attachment:
signature.asc
Description: This is a digitally signed message part