Re: Dreamhost dumps Debian

[Pau Garcia i Quiles <pgquiles@elpauer.org>]

On Tue, Aug 20, 2013 at 6:25 PM, Ian Jackson <ijackson@chiark.greenend.org.uk> wrote:

> > The bigger problem for a Debian LTS is this: 1. who is going to do
> > security support for it ?
>
> The same people that maintain the packages in sid and stable: the

> maintainer(s) for each package. [...]

That is not the case.  At the moment most of this is done by the
Debian security team.  Of course some package maintainers do help.

IMHO that should be turned around: package maintainers should be the ones responsible for updates and the Security Team should help with that (e. g. by providing tips and/or reviewing the fixes)

 

>  For orphaned packages, NMUs by other
> developers or even a new maintainer team ("foster-carers@debian.org").
> Providing fixes, security or not, is our part of our duty as Debian
> developers. Sure, packaging new upstream versions is always more exciting
> than fixing a broken version/package but it needs to be done.

You seem to be saying "this is an important thing to do - will you
all please go and do it".

Exactly. That's what I do for my packages (in fact I backport newer versions of some of my packages to every Debian and Ubuntu which is still supported).

 

That's not how things work.  In summary, unless and until we have
people who volunteer to do the security support for an LTS, we won't
have an LTS.

 

Maybe I'm wrong but I fail to see why "security support for LTS" should be a different team than "security support for stable". To me, it should be the same team, and maintainers and packages should be #1 in the list of people to work on fixes, as I said above.

--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)