Re: stable vs. testing: same versions, different status

["Michael S. Gilbert" <michael.s.gilbert@gmail.com>]

On Tue, 9 Jun 2009 00:12:18 +0200, Francesco Poli wrote:
> Thank you: this one seems to have been left over
> http://security-tracker.debian.net/tracker/CVE-2009-0787

fixed.

> Ah, I thought this stable-security -> testing-security migration was
> already implemented.
> Maybe having this feature could be useful!
> What do others think?

i think it would be good from a user's perspective, but from a "testing
the release perspective," i think that the testing kernel should be
the one proposed for inclusion in the next stable release.

maybe a good compromise would be to use stable-security until the
stable+1 kernel version is decided, then migrate that from unstable.

> BTW, when will testing security support start again?
> Back on February, I was told to wait for some 2 months...
> http://lists.debian.org/debian-security-tracker/2009/02/msg00011.html

i don't know.  can anyone else comment on this?

> I think this should happen automatically.
> 
> This is a good reason to implement an automatic stable-security ->
> testing-security migration mechanism, that is triggered whenever the
> package version in testing (and the package version in
> testing-security, if any) is older than the stable-security one,
> as suggested above.

this would be nice, but it is usually a short timeframe for which there
exist testing and stable versions that match.  i think it will
always have to be a manual process involving DTSAs.

mike