Re: Dreamhost dumps Debian

To: debian-devel@lists.debian.org
Subject: Re: Dreamhost dumps Debian
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Tue, 27 Aug 2013 23:51:40 +0200
Message-id: <[🔎] slrnl1q7rc.596.jmm@inutil.org>
References: <[🔎] m338q5lbk6.fsf@neo.luffy.cx> <[🔎] 1376942753-sup-2696@fewbar.com> <[🔎] m3y57xjsg6.fsf@neo.luffy.cx> <[🔎] 20130820000440.GA25760@falafel.plessy.net> <[🔎] 21011.32310.864168.568030@chiark.greenend.org.uk> <[🔎] 20130820145339.GA2363@angband.pl> <[🔎] 21011.34255.48484.270530@chiark.greenend.org.uk> <[🔎] CAKcBoksQWK7a-vyeCBm+XE34=gh9nbUM0W2+S7zYzyw_n76xoQ@mail.gmail.com> <[🔎] 21011.39023.898706.120662@chiark.greenend.org.uk> <[🔎] CAKcBokvbuBQhfDhLbVF+zjBf_S6oa=FJROpZYT0149_F4YTpaQ@mail.gmail.com> <[🔎] 20130820174056.GB8223@virgil.dodds.net>

Steve Langasek <vorlon@debian.org> schrieb:
> I understand the
> motivation (like everyone else they have more to do than they have time to
> do it in), but I think the outcome, whereby the security team denies use of
> the security update channel for non-"critical" security bugs and redirects
> maintainers to stable-updates instead, is unfortunate.  

We don't "deny" anything here, the current implementation of the security
release process simply doesn't allow more fine-grained control on who/how
security updates can be released.

There were some internal discussions in the past and that's certainly an
agenda topic on a future security team sprint.

> As far as I'm
> concerned, a security fix that isn't worth being pushed to
> security.debian.org is also not worth me spending time on as a maintainer to
> push to stable-updates.

Pushing minor issues through point updates is the same process other enterprise
distros use as well; SLES and RHEL also pile up minor issues for point updates
instead of sending out a security update.

In the past such minor issues were simply left unfixed in stable. Since a few
years we've established a process to systematically keep the maintainers 
informed (Jonathan Wiltshire runs a notification bot for that).

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Dreamhost dumps Debian
  - From: Steve Langasek <vorlon@debian.org>

References:
- Re: Dreamhost dumps Debian
  - From: Vincent Bernat <bernat@debian.org>
- Re: Dreamhost dumps Debian
  - From: Clint Byrum <spamaps@debian.org>
- Re: Dreamhost dumps Debian
  - From: Vincent Bernat <bernat@debian.org>
- Re: Dreamhost dumps Debian
  - From: Charles Plessy <plessy@debian.org>
- Re: Dreamhost dumps Debian
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Dreamhost dumps Debian
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: Dreamhost dumps Debian
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Dreamhost dumps Debian
  - From: Pau Garcia i Quiles <pgquiles@elpauer.org>
- Re: Dreamhost dumps Debian
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Dreamhost dumps Debian
  - From: Pau Garcia i Quiles <pgquiles@elpauer.org>
- Re: Dreamhost dumps Debian
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Dreamhost dumps Debian
Next by Date: Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
Previous by thread: Re: Dreamhost dumps Debian
Next by thread: Re: Dreamhost dumps Debian
Index(es):
- Date
- Thread