On Mon, Jul 30, 2007 at 11:23:47AM -0400, Tim Hull wrote: > However, I will agree that it seems a bit absurd to hold up > security fixes for a browser for all architectures based on breakage on a > few obscure ones. > Except that what you are describing is most certainly not the case. Take a look at the recent bind9 security announcements: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00102.html http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00103.html In the case of the Etch announcement: "For the stable distribution (etch) this problem has been fixed in version 9.3.4-2etch1. An update for mips is not yet available, it will be released soon." In the case of the Sarge announcement: "For the oldstable distribution (sarge) this problem has been fixed in version 9.2.4-1sarge3. An update for mips, powerpc and hppa is not yet available, they will be released soon." So, tell me, where is a security update being held up because it is not in sync on all architectures? Now, in the case of testing (which is not officially supported for security updates, except by the secure-testing team), things may work a little differently. That is because testing propagation is based on rules, one of which includes that a package be in sync on all supported architectures. > Getting back to my original question, it still seems like there is a problem > (at least for end users on the desktop) with the current release cycle. > Lenny is not slated for release until September 2008, yet Etch will be > spectacularly outdated before then (for some, it already is - just ask Gnome > users, who are two releases behind *now*). Please enumerate which features are present in the new version of Gnome which are not present in the Etch version that the "average" user simply cannot live without. > Testing is not a viable desktop > choice (observe the aforementioned security issues), and unstable is > really OK only if you are a Linux expert. Both statements are highly subjective. > It seems to me that something has > to be done - whether this be some official backports (especially of popular > components like KDE, Gnome, the kernel, etc) or a faster release cycle. As others have said, you are more than welcome to help out where possible. > Personally, I prefer the former idea - I don't see a need to update my glibc > and gcc every 6 months and like the stable Debian base, though I do like to > have the latest Gnome. I think many users are in the same boat. > > Anyway, if any work is done in this regard, please let me know. > While I think that your opinions are a bit misguided, I hope that you find what you are seeking, either in Debian proper, a derivative or in an effort that you lead yourself. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature