Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

To: debian-devel@lists.debian.org
Subject: Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
From: Russ Allbery <rra@debian.org>
Date: Tue, 27 Aug 2013 10:18:53 -0700
Message-id: <[🔎] 87ppszjblu.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] CAKcBokv8PbDe1_uak-qGrwC2QH1rMLpZNtD6hyBdG0Oq9YyqZg@mail.gmail.com> (Pau Garcia i. Quiles's message of "Tue, 27 Aug 2013 15:29:07 +0200")
References: <[🔎] 1376942753-sup-2696@fewbar.com> <[🔎] m3y57xjsg6.fsf@neo.luffy.cx> <[🔎] 20130820000440.GA25760@falafel.plessy.net> <[🔎] 20130826093106.149379kk0chnydkq@mail.das-netzwerkteam.de> <[🔎] 521B1C71.6070806@balintreczey.hu> <[🔎] 20130826103301.GP5936@halon.org.uk> <[🔎] 521BEECC.9060203@debian.org> <[🔎] 20130827085613.GA10599@feivel.credativ.lan> <[🔎] CAKcBoksYFzMkRCJztoCdwNadtvbtnmny1D48yooUpJhS1MicUw@mail.gmail.com> <[🔎] 1377600118.16071.33.camel@deadeye.wl.decadent.org.uk> <[🔎] 20130827120944.GA10917@halon.org.uk> <[🔎] CAKcBokv8PbDe1_uak-qGrwC2QH1rMLpZNtD6hyBdG0Oq9YyqZg@mail.gmail.com>

Pau Garcia i Quiles <pgquiles@elpauer.org> writes:

> IMHO the Security Team should not act as fixers themselves but more as
> proxies, passing information about a security issue to the maintainer of
> the package.

And what happens then if the maintainer doesn't respond?

If we're going to offer meaningful security support, we have to have a
bug-fixer of last resort, and that's the party most stressed by extending
security support.  Particularly since that for every year we extend it,
more maintainers will be uninterested in doing so for their own packages.

Alternately, we could be far more aggressive about removing packages from
oldstable, I suppose, but I don't think that's a good idea; that just
leaves our users with exactly the sorts of choices that we're trying to
avoid.  I think it's much cleaner and better for our users to offer full
security support and then retire the whole distribution at the same time.
It makes planning considerably easier, among other things.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Kevin Chadwick <ma1l1ists@yahoo.co.uk>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Pau Garcia i Quiles <pgquiles@elpauer.org>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Andrei POPESCU <andreimpopescu@gmail.com>

References:
- Re: Dreamhost dumps Debian
  - From: Clint Byrum <spamaps@debian.org>
- Re: Dreamhost dumps Debian
  - From: Vincent Bernat <bernat@debian.org>
- Re: Dreamhost dumps Debian
  - From: Charles Plessy <plessy@debian.org>
- Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Balint Reczey <balint@balintreczey.hu>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Neil McGovern <neilm@debian.org>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Thomas Goirand <zigo@debian.org>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Michael Meskes <meskes@debian.org>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Pau Garcia i Quiles <pgquiles@elpauer.org>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Neil McGovern <neil@halon.org.uk>
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Pau Garcia i Quiles <pgquiles@elpauer.org>

Prev by Date: Bug#721073: ITP: minetest-mod-pipeworks -- Minetest mod - Pipeworks
Next by Date: Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
Previous by thread: Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
Next by thread: Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
Index(es):
- Date
- Thread