[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

On Tue, Aug 27, 2013 at 2:09 PM, Neil McGovern <neil@halon.org.uk> wrote:

Indeed. Look at the security team for example. In theory, if all
maintainers cared enough about the older packages, we woudn't need the
level of people we currently do.

IMHO the Security Team should not act as fixers themselves but more as proxies, passing information about a security issue to the maintainer of the package. Maintainers are not always fully aware some old version of their package is affected by a security issue. OTOH, the Security Team is continually monitoring CVEs, etc. 

Or at least, that's how I'd like the Security Team to work. It would alleviate the burden on them and move the bugfixing/security fixing to the people who know the package better and are probably in touch with upstream.

Pau Garcia i Quiles
(Due to my workload, I may need 10 days to answer)

Reply to: