Security process vs. pu (Re: Bug#723641: pu: package xen/4.1.4-5)
- To: Bastian Blank <waldi@debian.org>, debian-devel@lists.debian.org,  debian-release <debian-release@lists.debian.org>
- Cc: Thijs Kinkhorst <thijs@debian.org>
- Subject: Security process vs. pu (Re: Bug#723641: pu: package xen/4.1.4-5)
- From: Steven Chamberlain <steven@pyro.eu.org>
- Date: Fri, 04 Oct 2013 00:41:08 +0100
- Message-id: <524E0094.3060408@pyro.eu.org>
- In-reply-to: <20131002172106.GA8568@mail.waldi.eu.org>
- References: <20130918120641.21000.54390.reportbug@rockhammer.waldi.eu.org> <1379883534.4765.48.camel@jacala.jungle.funky-badger.org> <20130922213445.GA26461@mail.waldi.eu.org> <4dc3baf150d8edc4d9b25a599be5083c.squirrel@aphrodite.kinkhorst.nl> <20130923084715.GA28647@mail.waldi.eu.org> <6367f639a63007fb478955437c644c71.squirrel@aphrodite.kinkhorst.nl> <20130930165211.GA31491@mail.waldi.eu.org> <f8e4d82e307c13a88f6f24f22f3d8d75.squirrel@aphrodite.kinkhorst.nl> <20131002172106.GA8568@mail.waldi.eu.org>
Hi Bastian,
Would you say that for publicly disclosed issues, the 'open' approach of
pu works better?  Meaning:
  1. debdiff gets reviewed on a public list, others have an opportunity
to help review and point out a mistake, and the discussion is archived
  2. the proposed updates queue has a public page[2]
  3. buildd status and logs are public[3]
  4. dak emails the maintainer and updates the PTS
  5. the changelog can be found on packages.d.o
[2]: http://release.debian.org/proposed-updates/stable.html
[3]: https://buildd.debian.org/status/architecture.php?a=amd64&suite=wheezy
Whereas the above is generally not true of the Security Team's process,
which seems designed to be able to handle embargoed issues?
Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org