Re: chromium not in Squeeze: a bit of communication needed?

To: debian-release@lists.debian.org, team@security.debian.org
Subject: Re: chromium not in Squeeze: a bit of communication needed?
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Wed, 8 Sep 2010 12:57:28 -0400
Message-id: <[🔎] 20100908125728.48380d5f.michael.s.gilbert@gmail.com>
In-reply-to: <[🔎] 20100908161939.GA4166@gnu.kitenet.net>
References: <[🔎] 20100908114849.GA7986@upsilon.cc> <[🔎] 20100908101035.d733418c.michael.s.gilbert@gmail.com> <[🔎] 20100908151433.GA1648@gnu.kitenet.net> <[🔎] 20100908113429.e1f18c56.michael.s.gilbert@gmail.com> <[🔎] 20100908161939.GA4166@gnu.kitenet.net>

On Wed, 8 Sep 2010 12:19:40 -0400, Joey Hess wrote:
> Michael Gilbert wrote:
> > A an option in the installer like volatile/security should address a
> > lot of this concern.
> 
> Unless it installs the package from backports, the most the installer
> can do is eliminate one or two of the three or four things users must
> do to use it. All my comments about user discoverability/usability still
> apply.

Here's what I think could be done:

1.  Provide debian-backports-desktop which has a limited set of
bleeding edge packages that desktop users want
2.  Make the priority of this release higher than that of stable, and
have some high standards for the ftpmaster to control what gets in
3.  Provide debian-backports-server which is the current backports,
just renamed, and operates the same way
4.  Provide an option in the installer called "I want bleeding edge
desktop updates (provided via debian-backports-desktop)"
5.  Provide an option called "I want server backports (provided via
debian-backports-server)"

> > > If backports are really officially supported, and we encourage users to
> > > install a web browser from them, which is not available in stable, how
> > > is that truely different than shipping the same web browser in stable?
> > 
> > The difference is that there is no arduous backporting/dsa process to
> > push that update
> 
> If we're encouraging users to install a web browser from an officially
> supported part of Debian, then the security support requirements are not
> lessened *at all*.

Testing is currently declared "officially supported" and those updates
go through the same unstable->testing process proposed here.  They
receive no announcement other than the automated daily testing security
postings [0].  Perhaps those announcements could be made a bit more
professional, and perhaps done on a per-package basis. It may also be
that they should be posted to debian-security-announce as well.

Best wishes,
Mike

[0]
http://lists.debian.org/debian-testing-security-announce/2010/09/threads.html

Reply to:

Follow-Ups:
- Re: chromium not in Squeeze: a bit of communication needed?
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

References:
- chromium not in Squeeze: a bit of communication needed?
  - From: Stefano Zacchiroli <zack@debian.org>
- Re: chromium not in Squeeze: a bit of communication needed?
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: chromium not in Squeeze: a bit of communication needed?
  - From: Joey Hess <joeyh@debian.org>
- Re: chromium not in Squeeze: a bit of communication needed?
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: chromium not in Squeeze: a bit of communication needed?
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: chromium not in Squeeze: a bit of communication needed?
Next by Date: Re: chromium not in Squeeze: a bit of communication needed?
Previous by thread: Re: chromium not in Squeeze: a bit of communication needed?
Next by thread: Re: chromium not in Squeeze: a bit of communication needed?
Index(es):
- Date
- Thread