Re: Bits from the DPL
Hi,
On Fri, 2025-10-03 at 20:32 +0200, Andreas Tille wrote:
> On Fri, Oct 03, 2025 at 11:16:11AM +0300, Adrian Bunk wrote:
> > Are we able to create new point releases of stable and oldstable within 48h,
> > to withdraw the package (and withdraw/update reverse dependencies) there?
>
> Thanks for raising this question.
>
> As far as I know currently we can't guarantee such a rapid turnaround
> across all suites.
>
> Please understand that point in my bits as a question for us as a
> project whether we want to set this as a long-term goal. Some in the
> community consider it essential that Debian is able to react very
> quickly when faced with credible legal claims or unfixable security
> issues.
> [...]
> If we agree that this is something we agree as a project, the next step
> is to discuss how to make it feasible — for example, whether the
> proposed split of responsibilities between the Archive Team and the
> DFSG/licensing team could help, and what kind of processes or
> infrastructure improvements would be required.

If you want guaranteed reaction teams, shifting responsibilities
doesn't seem relevant. You need to guarantee that people are always
available, so in practice paid positions, as this cannot be guaranteed
with volunteer work.

And you would need those for all relevant teams and with enough
manpower to handle vacations, sick leave, ...

You also have to take into account people building services outside the
main archive that distribute software artifacts without further
coordination.

How much is Debian willing to spend on this?

Ansgar