[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Updates in the very-old-stable (was: Time to merge back ubuntu improvements!(



On 01/06/2013 02:02 AM, Mike Gabriel wrote:
> Hi Thomas,
>
>> I agree. It would be nice if it was at least possible to upload security
>> updates
>> right now to old-stable, even if that wasn't officially supported. At
>> least, this
>> would be a nice way to go forward (eg: based on "best effort", and
>> without
>> forcing added work on anyone (yet)).
>
> Puuhhh... openly allowed uploads without review process to a
> not-any-more support version of Debian? This does not sound like
> Debian at all, does it?

That's not what I wrote.

Also, I don't know why Neils wrote so much about
forcing people when I wrote that we shouldn't. My
intention was to write that I thought this could be
an experiment for a start, without strong rules, to
see what can be done. Damned, am I expressing
myself so badly? :(

First of all, this could be a separated repo, it
doesn't have to, and IMO shouldn't for such an
experiment, overwrite what's in archive.debian.org.

Second, we can still do a review process, but it
doesn't have to be done the way it is done
currently for still supported releases. The way to
implement it is a totally different topic. (let's not
discuss this first... this could be setup gradually
as well...)

Last but not least, I don't understand why leaving
unpatched packages on deprecated releases
with absolutely no way at all to get them updated
is a better thing than allowing maintainers to
update their package if they feel like it.

If there's not enough manpower, we can just
recognize that fact. If someone volunteers for it,
we may have a list of known unfixed problems
(including security issues, and even a list of
possible problems if we don't have the resources
to check for the vulnerabilities).

The only problem I see with the above is if
ftp-masters have no time to setup a specific
repository for the updates. I have no idea how
much work that represent, within the Debian
infrastructure.

If nobody wants to go this way (eg: within the
Debian infrastructure), then we can make a
completely unofficial repository. That may work
as well. In fact, that could be the best way to
start as an experiment.

Any positive thoughts anyone?

Thomas


Reply to: