[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Open Questions regarding DPN

On Friday 25 April 2008 11:44:45 Lucas Nussbaum wrote:
> On 25/04/08 at 09:40 +0100, Alexander Schmehl wrote:
> > Let's see... DSAs are quite usefull to have, but a) there's a sepperate
> > announcement list for them and b) since DPN is send out on a biweekly
> > basis, it would mean that we might list two week old security
> > advisories. That's IMHO quite useless.
> I agree that we should not include them.

I disagree.  It is absolutely NOT useless.  

I am a hobby open-source developer but not a debian developer.  I run debian 
testing but I only upgrade to the latest packages every couple of months 
(mainly because of the pain of checking my changes against various config 
files to check if I can ignore the new file or whether I need to bite the 
bullet and re-apply my changes to the latest version, but that is not an 
issue for this list!).  

These machines are quite secure (behind my own firewall, don't run any 
services accessible to the Internet, I take care where I surf and disable 
scripting if I think I might be navigating somewhere dangerous, etc.).  So, I 
don't worry if I am a few weeks behind with security updates.  Others may not 
agree that is safe but it is my personal tradeoff and I am SURE there are 
many others like me.

I used to find the security updates section of DWN one of the most useful 
sections as it allowed me to give a quick glance that there wasn't an update 
for something I use heavily or feel might be particularly at risk, meaning I 
really do need to upgrade quickly (meaning the next convenient weekend, not 

> > Noteworthy new packages:  Since Joe Average is using the stable
> > distribution, announcing new packages, which might end up in the next
> > stable release is quite useless; there should be a better place to
> > report them (e.g. release-notes).
> I know a lot of Debian *users* who use testing on their desktops. I
> think that they are worth mentioning.

I agree.  In fact, I don't think anyone who runs stable is likely to subscribe 
to DPN at all.  It will be people like me, who run testing but are not at all 
actively involved in Debian.  Seeing new packages I might want to play with 
is quite interesting.

> > Orphaned packages / packages up for adoption:  Not interesting for the
> > main audience; are allready reported weekly to the debian-devel list
> > (where they are IMHO more appropriate); if Joe Average is really
> > interested in them, it's easier to install the devscript package and
> > run "wnpp-alert".
> Agreed.

I don't agree.  While not the most critical section I always gave this a quick 
look.  I run all sorts of strange stuff on my system and if something I use 
has been orphaned it is useful to know so I can think about whether to 
switch, or whether I don't use it and should probably uninstall it, or 
whether I should see if I could help to maintain it.  Note that this is for a 
completely different reason than someone might read the list in debian-devel: 
I am not a DD and am not going to be adopting the package!

I think the issue is, like all MARCOM, knowing your audience.  I do not 
develop for Debian so I wouldn't join debian-devel, nor do I subscribe to 
many other debian lists or RSS feeds (basically just this one because I work 
in marketing and feel I may be able to make a tiny contribution).  But I am a 
user and I have an interest in Debian -- a two-weekly mailing feels about 
right.  As a user, I valued all three of the above sections.

On the other hand, if this is intended as a mailing for people interested in 
Debian but not necessarily actually using it (e.g. journalists, consultants, 
or users of derived distributions) then none of the three make much sense.  
They are more interested in project news, progress on the next release, 
policy changes, notable wins, etc.


Reply to: