Re: Open Questions regarding DPN
On Friday 25 April 2008 11:44:45 Lucas Nussbaum wrote:
> On 25/04/08 at 09:40 +0100, Alexander Schmehl wrote:
> > Let's see... DSAs are quite usefull to have, but a) there's a sepperate
> > announcement list for them and b) since DPN is send out on a biweekly
> > basis, it would mean that we might list two week old security
> > advisories. That's IMHO quite useless.
> I agree that we should not include them.
I disagree. It is absolutely NOT useless.
I am a hobby open-source developer but not a debian developer. I run debian
testing but I only upgrade to the latest packages every couple of months
(mainly because of the pain of checking my changes against various config
files to check if I can ignore the new file or whether I need to bite the
bullet and re-apply my changes to the latest version, but that is not an
issue for this list!).
These machines are quite secure (behind my own firewall, don't run any
services accessible to the Internet, I take care where I surf and disable
scripting if I think I might be navigating somewhere dangerous, etc.). So, I
don't worry if I am a few weeks behind with security updates. Others may not
agree that is safe but it is my personal tradeoff and I am SURE there are
many others like me.
I used to find the security updates section of DWN one of the most useful
sections as it allowed me to give a quick glance that there wasn't an update
for something I use heavily or feel might be particularly at risk, meaning I
really do need to upgrade quickly (meaning the next convenient weekend, not
> > Noteworthy new packages: Since Joe Average is using the stable
> > distribution, announcing new packages, which might end up in the next
> > stable release is quite useless; there should be a better place to
> > report them (e.g. release-notes).
> I know a lot of Debian *users* who use testing on their desktops. I
> think that they are worth mentioning.
I agree. In fact, I don't think anyone who runs stable is likely to subscribe
to DPN at all. It will be people like me, who run testing but are not at all
actively involved in Debian. Seeing new packages I might want to play with
is quite interesting.
> > Orphaned packages / packages up for adoption: Not interesting for the
> > main audience; are allready reported weekly to the debian-devel list
> > (where they are IMHO more appropriate); if Joe Average is really
> > interested in them, it's easier to install the devscript package and
> > run "wnpp-alert".
I don't agree. While not the most critical section I always gave this a quick
look. I run all sorts of strange stuff on my system and if something I use
has been orphaned it is useful to know so I can think about whether to
switch, or whether I don't use it and should probably uninstall it, or
whether I should see if I could help to maintain it. Note that this is for a
completely different reason than someone might read the list in debian-devel:
I am not a DD and am not going to be adopting the package!
I think the issue is, like all MARCOM, knowing your audience. I do not
develop for Debian so I wouldn't join debian-devel, nor do I subscribe to
many other debian lists or RSS feeds (basically just this one because I work
in marketing and feel I may be able to make a tiny contribution). But I am a
user and I have an interest in Debian -- a two-weekly mailing feels about
right. As a user, I valued all three of the above sections.
On the other hand, if this is intended as a mailing for people interested in
Debian but not necessarily actually using it (e.g. journalists, consultants,
or users of derived distributions) then none of the three make much sense.
They are more interested in project news, progress on the next release,
policy changes, notable wins, etc.