Security process vs. pu (Re: Bug#723641: pu: package xen/4.1.4-5)

To: Bastian Blank <waldi@debian.org>, debian-devel@lists.debian.org, debian-release <debian-release@lists.debian.org>
Cc: Thijs Kinkhorst <thijs@debian.org>
Subject: Security process vs. pu (Re: Bug#723641: pu: package xen/4.1.4-5)
From: Steven Chamberlain <steven@pyro.eu.org>
Date: Fri, 04 Oct 2013 00:41:08 +0100
Message-id: <[🔎] 524E0094.3060408@pyro.eu.org>
In-reply-to: <20131002172106.GA8568@mail.waldi.eu.org>
References: <20130918120641.21000.54390.reportbug@rockhammer.waldi.eu.org> <1379883534.4765.48.camel@jacala.jungle.funky-badger.org> <20130922213445.GA26461@mail.waldi.eu.org> <4dc3baf150d8edc4d9b25a599be5083c.squirrel@aphrodite.kinkhorst.nl> <20130923084715.GA28647@mail.waldi.eu.org> <6367f639a63007fb478955437c644c71.squirrel@aphrodite.kinkhorst.nl> <20130930165211.GA31491@mail.waldi.eu.org> <f8e4d82e307c13a88f6f24f22f3d8d75.squirrel@aphrodite.kinkhorst.nl> <20131002172106.GA8568@mail.waldi.eu.org>

Hi Bastian,

Would you say that for publicly disclosed issues, the 'open' approach of
pu works better?  Meaning:

  1. debdiff gets reviewed on a public list, others have an opportunity
to help review and point out a mistake, and the discussion is archived
  2. the proposed updates queue has a public page[2]
  3. buildd status and logs are public[3]
  4. dak emails the maintainer and updates the PTS
  5. the changelog can be found on packages.d.o

[2]: http://release.debian.org/proposed-updates/stable.html
[3]: https://buildd.debian.org/status/architecture.php?a=amd64&suite=wheezy

Whereas the above is generally not true of the Security Team's process,
which seems designed to be able to handle embargoed issues?

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

Reply to:

Prev by Date: Re: openpty under kFreeBSD
Next by Date: Re: openpty under kFreeBSD
Previous by thread: Re: openpty under kFreeBSD
Next by thread: Work-needing packages report for Oct 4, 2013
Index(es):
- Date
- Thread