[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: doubts about Lenny and available QA tools and security team

On Sun, Oct 19, 2008 at 10:30 PM, Andre Felipe Machado
<andremachado@techforce.com.br> wrote:

>> - Expected release date for Lenny.

The release team estimated September 2008. Obviously we missed their
expected release date. Others have estimated June 2009 as the release


Hopefully, Debian developers and users care enough to make it happen
earlier than that.

>> - How test/guarantee today high end hardware (SAN, blades
>> , etc) work fully with Lenny? Are there regression tests?

As with everything, we rely on Debian maintainers, our users, upstream
developers and users testing the software that interfaces with this

>> - How help Debian at this task of high end hw drivers?

Same as any feature in the distro; regularly perform tests of the
feature you are interested in, using the testing and unstable
distributions. In addition, for Linux kernel stuff, it is probably
advisable to be testing using the latest -rc kernel released by Linus.
Given enough enthusiasm you might want to run automated daily tests of
Linus' git master branch, git bisect to find problematic commits and
report the bugs/regressions to the appropriate places.

>> - How much time takes a security patch to be issued?

You might be able to get info about this by looking at the dates when
security bugs were reported, and when the resulting security updates
were issued:


A better way to find out would be to ask the security team though.

>> - Are there regression tests to allow distro consistency of a
>> security fix backport to a VERY old version of a sw,
>> already outside of security team action scope? (Lets say, a
>> Pg 6.x on Lenny, unmaintained even at upstream. Please, do
>> not discuss the merit of this approach, as it is _their_ IT mgmt
>> problem to solve.) How release team verify distro consistency?
>> Could it be reproduced in house? Is a repackaging enough?

Not sure I understand the question, but it sounds like something for
the security team to answer.



Reply to: