On Wed, Sep 22, 2010 at 01:16:39AM +0300, Jonathan Nieder wrote: > (+cc: previous participants) > > The Anarcat wrote: > > > I understand that, but how does that keep us from issuing [an] > > update on security.debian.org? > [...] > > People running stable are not necessarily running volatile and s-p-u. > > Ah, I missed your point before. Keeping git broken in lenny is indeed > a lousy outcome. > > So what can we do instead? > > Uploading to security.debian.org, though at first it seems pragmatic, > has problems: > * doesn't help installations without security.debian.org in > sources.list (which is a reasonable configuration in some special > circumstances, really!). I think there are more people running with security.d.o than volatile.d.o or backports. In fact, i fail to see how *not* running with security.d.o would be a proper configuration. > * would be terribly confusing to people watching security.debian.org I'm not sure why. > * would set a weird precedent for errata that did not come about in > fixing a security-related bug The regression was introduce by fixing a security-related bug which was bundled in a stable point-release instead of a regular security upgrade (which is a source of confusion for me in the first place). > If I ran the world or had infinite time, I'd suggest a stable point > release with just the binnmu, which has none of those problems. > > Release managers: would that or something similar be feasible? Thanks for the time taken to consider my objections. -- Antoine Beaupré Réseau Koumbit Networks +1.514.387.6262
Attachment:
signature.asc
Description: Digital signature