Re: Dreamhost dumps Debian

To: Debian Devel <debian-devel@lists.debian.org>
Subject: Re: Dreamhost dumps Debian
From: Pau Garcia i Quiles <pgquiles@elpauer.org>
Date: Tue, 20 Aug 2013 20:48:33 +0200
Message-id: <[🔎] CAKcBokvGvpLiWJLqRwTdd4jcq3B-=29jmasxBO7ZGvqdSf0hOg@mail.gmail.com>
In-reply-to: <[🔎] 87txikqkxf.fsf@windlord.stanford.edu>
References: <[🔎] 87wqnhpkn3.fsf@jidanni.org> <[🔎] m338q5lbk6.fsf@neo.luffy.cx> <[🔎] 1376942753-sup-2696@fewbar.com> <[🔎] m3y57xjsg6.fsf@neo.luffy.cx> <[🔎] 20130820000440.GA25760@falafel.plessy.net> <[🔎] 21011.32310.864168.568030@chiark.greenend.org.uk> <[🔎] 20130820145339.GA2363@angband.pl> <[🔎] 21011.34255.48484.270530@chiark.greenend.org.uk> <[🔎] CAKcBoksQWK7a-vyeCBm+XE34=gh9nbUM0W2+S7zYzyw_n76xoQ@mail.gmail.com> <[🔎] 21011.39023.898706.120662@chiark.greenend.org.uk> <[🔎] 87txikqkxf.fsf@windlord.stanford.edu>

On Tue, Aug 20, 2013 at 8:25 PM, Russ Allbery <rra@debian.org> wrote:

>> The same people that maintain the packages in sid and stable: the
>> maintainer(s) for each package. [...]

> That is not the case. At the moment most of this is done by the
> Debian security team. Of course some package maintainers do help.

I consider it part of my responsibility as a package maintainer to provide
security support for my packages for as long as Debian does. If I felt
like I couldn't do that, I would orphan the package or look at having it
removed from Debian. I don't think there's any way that one team can
scale to providing security support for the entire archive; it's hard for
them to even track the existence of issues for the entire archive.

That's exactly how I see it, glad to see I'm not alone :-)

My experience is that I can just barely manage to
convince upstreams to look over my backports of security patches to
packages in oldstable

What makes you think Ubuntu, Red Hat, etc ask upstream to look at their security patches for old versions or even approve them? When I backport something, I send it to upstream as a courtesy, in case they want to release a patch version, not because I expect them to give me the OK

--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)

Reply to:

Follow-Ups:
- Re: Dreamhost dumps Debian
  - From: Russ Allbery <rra@debian.org>

References:
- Dreamhost dumps Debian
  - From: jidanni@jidanni.org
- Re: Dreamhost dumps Debian
  - From: Vincent Bernat <bernat@debian.org>
- Re: Dreamhost dumps Debian
  - From: Clint Byrum <spamaps@debian.org>
- Re: Dreamhost dumps Debian
  - From: Vincent Bernat <bernat@debian.org>
- Re: Dreamhost dumps Debian
  - From: Charles Plessy <plessy@debian.org>
- Re: Dreamhost dumps Debian
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Dreamhost dumps Debian
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: Dreamhost dumps Debian
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Dreamhost dumps Debian
  - From: Pau Garcia i Quiles <pgquiles@elpauer.org>
- Re: Dreamhost dumps Debian
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Dreamhost dumps Debian
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Bug#720202: ITP: qreator -- utility for creating QR codes
Next by Date: Re: Dreamhost dumps Debian
Previous by thread: Re: Dreamhost dumps Debian
Next by thread: Re: Dreamhost dumps Debian
Index(es):
- Date
- Thread