Re: possible hole in mozilla et al

On Thu, 2002-05-09 at 01:22, Tim Uckun wrote:
> I am not arguing for any change in the policies for determining what is 
> stable and what is not. My feeling is (and I admit I haven't done any 
> studies) that stable gets delayed sometimes due to obscure packages having 
> bugs or obscure platform specific bugs. It seems to me that most commonly 
> used packages like apache, php, postgres etc have a pretty good track 
> record and could be considered stable a few months after they are released.
> Using the same criteria used by the debian folks now you could have more 
> frequent updates if you simply selected a small set of carefully chosen 
> packages. Kind of a debian sub distro.

For those that need some of the new versions of packages (e.g. being
stuck with the `stable' version of postgresql would be silly if you used
it heavily) it is not that difficult to get around it by having a
deb-src line that points at testing.

apt-get build-dep apache      # install the Build-Depends of apache
apt-get -b source apache      # fetch the testing source and build .debs

It is not going to work all the time. Sometimes the build depends have
to be built from testing as well... 

Having lots of different stable branches as suggested by someone else
would make the security team pretty difficult, and it is already hard
enough from what I gather.

On another note... I imagine that some of the security updates for
stable have caused some frustration to the security team, as the flaw is
sometimes something that has been fixed in a later version, and applying
that fix to the older (Read: Old version not maintained any more
upstream) version could be non-trivial and seem a little futile when
upgrading to a new version fixes the problem.

David Stanaway
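The deb-src-from-testing procedure described in the message above, written up as an added shell example; it is not code from the post or from Debian. The mirror URL, the suite name, and the sample sources.list are constructed for the self-check, and the build function assumes a Debian host with apt and dpkg-dev.

```shell
#!/bin/sh
# Added example (not from the thread): make the "deb-src points at testing"
# trick repeatable. Mirror, suite and file path are parameters/assumptions.
set -eu

# Append a deb-src line for SUITE to FILE unless one is already present.
# Prints "added" or "present" so the caller can tell what happened.
ensure_deb_src() {
    file=$1; mirror=$2; suite=$3
    if grep -Eq "^[[:space:]]*deb-src[[:space:]]+[^[:space:]]+[[:space:]]+$suite([[:space:]]|$)" "$file"; then
        echo present
    else
        printf 'deb-src %s %s main\n' "$mirror" "$suite" >> "$file"
        echo added
    fi
}

# Build PKG from the newest source apt can see (testing, once the deb-src
# line is in place). Build-Depends are still satisfied from the binary suites
# in sources.list, which is the failure mode the post mentions; apt-get
# build-dep then fails loudly instead of building against stale libraries.
backport_from_testing() {
    pkg=$1
    workdir=$(mktemp -d)
    cd "$workdir"
    apt-get update
    apt-get build-dep "$pkg"
    apt-get -b source "$pkg"
    # The resulting .deb files are left in $workdir; install them explicitly
    # (dpkg -i) after reviewing them, since they are now outside stable's
    # security coverage and must be rebuilt on each upstream fix.
    ls "$workdir"/*.deb
}

# Constructed sample sources.list for an offline self-check of ensure_deb_src.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://deb.debian.org/debian stable main
deb http://security.debian.org stable/updates main
EOF

first=$(ensure_deb_src "$sample" http://deb.debian.org/debian testing)   # added
second=$(ensure_deb_src "$sample" http://deb.debian.org/debian testing)  # present

# Real use on a Debian host: BACKPORT_PKG=apache sh thisscript.sh
if [ -n "${BACKPORT_PKG:-}" ]; then
    backport_from_testing "$BACKPORT_PKG"
fi
```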
