Re: Dreamhost dumps Debian

To: debian-devel@lists.debian.org
Subject: Re: Dreamhost dumps Debian
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 28 Aug 2013 11:42:05 +0100
Message-id: <[🔎] 21021.54269.447114.427837@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20130827232338.GA27931@virgil.dodds.net>
References: <[🔎] m3y57xjsg6.fsf@neo.luffy.cx> <[🔎] 20130820000440.GA25760@falafel.plessy.net> <[🔎] 21011.32310.864168.568030@chiark.greenend.org.uk> <[🔎] 20130820145339.GA2363@angband.pl> <[🔎] 21011.34255.48484.270530@chiark.greenend.org.uk> <[🔎] CAKcBoksQWK7a-vyeCBm+XE34=gh9nbUM0W2+S7zYzyw_n76xoQ@mail.gmail.com> <[🔎] 21011.39023.898706.120662@chiark.greenend.org.uk> <[🔎] CAKcBokvbuBQhfDhLbVF+zjBf_S6oa=FJROpZYT0149_F4YTpaQ@mail.gmail.com> <[🔎] 20130820174056.GB8223@virgil.dodds.net> <[🔎] slrnl1q7rc.596.jmm@inutil.org> <[🔎] 20130827232338.GA27931@virgil.dodds.net>

Steve Langasek writes ("Re: Dreamhost dumps Debian"):
> To me, being redirected to stable-updates constitutes a refusal/denial by
> the security team to use the security updates channel.  Again, if it's a
> security issue that's not important enough to be an official security
> update, it's not important enough for me to spend time on it as a stable
> update either.  [...]

I'm afraid I don't see why you'd think that.

> Well, I don't think that's a very good policy.  I don't see why, if the bug
> is worth fixing in a stable release for security reasons, it should go
> through the stable-updates channel instead of the security channel.  [...]

As Peter Palfrader points out stable-updates allows more review,
because it doesn't suffer from the process problems caused by the need
for secrecy.  stable-updates are also made in less of a hurry.

Furthermore, from the pov of the user, stable-updates are less
disruptive.  They can choose to take a point release when it comes
out, or to defer it.  When they do take a point release that can be a
planned activity so that they're ready to deal with any regressions.

Ian.

Reply to:

Follow-Ups:
- Update policies for security bugs [Was, Re: Dreamhost dumps Debian]
  - From: Steve Langasek <vorlon@debian.org>
- Re: Dreamhost dumps Debian
  - From: Philipp Kern <pkern@debian.org>

References:
- Re: Dreamhost dumps Debian
  - From: Vincent Bernat <bernat@debian.org>
- Re: Dreamhost dumps Debian
  - From: Charles Plessy <plessy@debian.org>
- Re: Dreamhost dumps Debian
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Dreamhost dumps Debian
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: Dreamhost dumps Debian
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Dreamhost dumps Debian
  - From: Pau Garcia i Quiles <pgquiles@elpauer.org>
- Re: Dreamhost dumps Debian
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Dreamhost dumps Debian
  - From: Pau Garcia i Quiles <pgquiles@elpauer.org>
- Re: Dreamhost dumps Debian
  - From: Steve Langasek <vorlon@debian.org>
- Re: Dreamhost dumps Debian
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: Dreamhost dumps Debian
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Web ID as passwordless authentication for debian web services
Next by Date: Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
Previous by thread: Re: Dreamhost dumps Debian
Next by thread: Update policies for security bugs [Was, Re: Dreamhost dumps Debian]
Index(es):
- Date
- Thread