Re: Sarge freeze and security updates

To: List - Debian Security <debian-security@lists.debian.org>
Subject: Re: Sarge freeze and security updates
From: Simon Huggins <huggie@earth.li>
Date: Mon, 24 Feb 2003 09:13:17 +0000
Message-id: <[🔎] 20030224091317.GO29583@paranoidfreak.co.uk>
Mail-followup-to: List - Debian Security <debian-security@lists.debian.org>
In-reply-to: <[🔎] 20030223230910.GB8037@sven.home.hoaxter.de>
References: <[🔎] 3E585230.5050704@hanaden.com> <[🔎] 1045982121.1812.22.camel@localhost> <[🔎] 20030223182517.GE29583@paranoidfreak.co.uk> <[🔎] 20030223230910.GB8037@sven.home.hoaxter.de>

Thanks for your patronising reply.

On Mon, Feb 24, 2003 at 12:09:10AM +0100, Sven Hoexter wrote:
> On Sun, Feb 23, 2003 at 06:25:17PM +0000, Simon Huggins wrote:
> > On Sun, Feb 23, 2003 at 01:35:22AM -0500, Mark L. Kahnt wrote:
[..]
> > It would however be nice to have security available for sarge for
> > reassurance but also so that people could choose it as a supported
> > release of Debian.
> Testing is not a supported release, testing is a place where
> developers and packagers try to get a stable base for a new release
> think of it like a dynamic beta version.

I know all this.  This is why I said "nice to have".  This is why I
don't run testing on any production server.

There is no reason why at some point in the future security packages
could be created for it.  You would then be able to release it almost as
it was if there was an installer ready to go.

> > I don't see why people are worried about numbering for security
> > patches for testing.  Why wouldn't they be done in the same way that
> > security patches are done at the moment?  i.e 1.2.3-1.sarge.1 as the
> > security fix for 1.2.3-1
> It's not the intention of testing to be used as a release.

Right, but people will nonetheless run it.  

> It is a testing stage in the hard process to get from one stable
> release to another. What's more needed are shorter release cycles so
> that there is no need to switch to something between the bleeding edge
> and a security nightmare.  Maybe it's easier to understand that if you
> call the baby testing instead of the nice nick name cause testing
> describes better what it is atm and not what it's going to be.

> Another fact is that security support for testing would consume
> resources wich are more needed in the development and freezing
> prozess.

Doesn't that depend who does it?  In the past when this issue has arisen
people have volunteered to put the effort in and this can surely only be
easier with the improved security infrastructure.

> I hope that you can now understand what testing is and why there
> should not be security support for it.

I was really just replying about the numbering of packages - there is no
problem there.  I don't see why you say there should be no security
support for it.  There isn't today, but there could be one day.

Simon.

-- 
* "Fast, fat computers breed slow, lazy programmers."               *
|                                                                   |
*                                                                   *
           Brought to you by the letter K and the number  5

Reply to:

References:
- Sarge freeze and security updates
  - From: Hanasaki JiJi <hanasaki@hanaden.com>
- Re: Sarge freeze and security updates
  - From: "Mark L. Kahnt" <kahnt@hosehead.dyndns.org>
- Re: Sarge freeze and security updates
  - From: Simon Huggins <huggie@earth.li>
- Re: Sarge freeze and security updates
  - From: Sven Hoexter <sven@telelev.net>

Prev by Date: Re: Sarge freeze and security updates
Next by Date: Re: Sarge freeze and security updates
Previous by thread: Re: Sarge freeze and security updates
Next by thread: Re: Sarge freeze and security updates
Index(es):
- Date
- Thread