Re: Mitigating the problem of limited security support

[Moritz Mühlenhoff <jmm@inutil.org>]

Alberto Garcia wrote:
> The problem is that point releases with fixes for CVEs can also
> introduce regressions (#855103, introduced in 2.14.4). That one was
> fixed quickly, though, but that's why I was asking.

The security archive doesn't scale to play catchup with all those
rdeps. There's too many things missing in dak on security-master
to make that a viable option (and unfortunately development on
this is mostly stalled).

You're best technical bet would be to upgrade to new webkit releases in
stretch point releases, this would allow proper binNMUs and allow
people to testdrive via s-p-u. But that's up for the SRMs to
decide (and I doubt they want to deal with that kind of API
"stability" either).

Cheers,
        Moritz