
Re: gnupg problem



On Mon, Jun 18, 2001 at 08:45:12PM +0100, Tim Haynes wrote:
> tb@becket.net (Thomas Bushnell, BSG) writes:
> > Debian ought to offer security updates for the stable distribution, but
> > it doesn't. Instead, it is only offering security updates for the
> > packages in the stable distribution. That's an understandable oversight,
> > but it is an oversight, and I think it should be corrected.
> 
> Insofar as I can make any sense of the above differentiation, does the idea
> `2.2r3' fit into this anywhere?

Sure.  That's the latest release of the distribution, with bug fixes rolled
in.  Many of those are security fixes.  Other security fixes have been
needed since release 3; because security bugs are considered more
time-critical than the other sorts, they are released, and indeed we are
strongly urged to install them, independently of the point release
mechanism.

The issue is, can a security-bug-fix release of a package which is
incompatible with one or more parts of the current point release packages as
a whole be good?  I'm inclined to feel that this is at least a serious flaw
in that security-bug-fix release, and I would hate to have to try to defend
the position that it is not a release-critical grade bug.  How would this
sort of conflict be resolved in normal development - if this incompatibility
arose in a proposed-update (non-security related), do you think that package
would be accepted for the next point release?  I would hope not.

> > We are not just about packages, we are about the way they work together
> > to form a coherent whole.

What he said.  Debian's biggest plus - I speak here as a sysadmin and user
of the distro - has always been the much higher technical quality; having a
supposed "fix" cause another part of Debian to break seems quite
antithetical to that quality.  If I wanted to roll the dice every time I
installed something new I could be using RPMs.  :-(  :-)

-- 
Microsoft, which used to say all the time that the software business
was ruthlessly competitive, is now matched against a competitor whose
model of production and distribution is so much better that Microsoft
stands no chance of prevailing in the long run. They're simply trying
to scare people out of dealing with a competitor they can't buy,
can't intimidate and can't stop. -- Eben Moglen


