Moritz, I remember sometime ago a posting telling that there is no testing security support for a while, but did not yet see an announcement that squeeze security support is in place. Did I miss it or is testing still w/o security support? Many thanks, Rainer Am Sonntag, 30. August 2009 schrieb Moritz Muehlenhoff: > Dear release people, > > > As announced on dda [RT1], we want to get an impression when releasing > > Squeeze is feasible. We have proposed a (quite ambitious) freeze in > > December 2009, and some developers have noted that their planned changes > > wouldn't be possible in this time frame. So, to find out when releasing > > would work for most people, it would be great if you could answer the > > following questions: > > > > Do you have any big changes planned? How much time would they take, and > > what consequences are there for the rest of the project? > > > > How many "big" transitions will the upcoming changes cause? When should > > those happen? Can we do something to make them easier? > > We discussed the hardening options at DebConf: We would like to see > -fstack-protector", "-D_FORTIFY_SOURCE=2", "-Wformat" and > "-Werror=format-security" set as default build flags through > dpkg-buildpackage for at least i386 and amd64 (some embedded archs don't > implement it). We need to run more benchmarks before filing a bug about > this, but we don't expect much fallout caused by build failures. > > Shortening the release time frame causes some difficulties: Security > support for oldstable ends one year after the release of stable or with the > release of stable+1. Having a release one year after Lenny release will be > difficult for large organisations. > > The initial announcement of the new release plans contained the idea to > support upgrades to Lenny to Debian 7.0. We don't have the resources to do > that, supporting the current state of affairs is difficult enough. > > Cheers, > Moritz -- Rainer Dorsch Lärchenstr. 6 D-72135 Dettenhausen 07157-734133 email: rdorsch@web.de jabber: rdorsch@jabber.org GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E Full GPG key: http://pgp.mit.edu/
Attachment:
signature.asc
Description: This is a digitally signed message part.