Re: Debian contributors looking for paid work on Squeeze LTS
On Tue, May 27, 2014 at 08:34:47AM +0200, Raphael Hertzog wrote:
> > Some of them are delayed 'til the next point release.
>
> Right that's the way the security team delegates the responsibility of
> such updates to the maintainers and the stable release team.
Not necessarily. I only means that this/these issue(s) don't qualify for
a DSA on their own. It often happens that something is tagged no-dsa
and when we make a DSA for that package at a later point the delayed
fix is included.
> > Since there aren't any point releases anymore we won't be able to do that anyways.
>
> This is no longer correct however given that the LTS team has no
> restrictions on what they can upload to squeeze-lts. If we decide that
> low-impact security issues can be fixed in squeeze-lts, then it's just a
> matter of someone doing the work.
That's a question of policy. Every updates bears a potential risk of regression
no matter how many tests you run and every update requires attention by the
admin rolling it out.
Cheers,
Moritz
Reply to: