
Re: On Mozilla-* updates



>
> Did you realize before this rant that this is already the policy, and has
> been documented in the Security Team FAQ for several years now?

This is not a rant, it's cutting through the horse crap.  If what I am
suggesting is already policy then why are we having this discussion?  Why
was there ever an unsecure version of Mozilla in Woody? Why in Sarge?

If the "stable" version is broken and it's impractical to fix it - what you
have said multiple times now - then put in the new one.  Warn managers of
dependent packages and give them a short but realistic release date.
Leave the old package around so their packages don't instantly break if
they miss the deadline or someone values their status quo more than a
secure system.  I don't really even think maintaining the old version is
necessary, that's what pinning/holds are for.  This is already what
happens for kernels.

> We already have hardware to build packages; that's not a problem at this
> time.

Fine, then mail me with what else I can do. If we go about it in a
sensible method I'm more than willing to help.  What I don't want to
see is this discussion drag on eternally in
woe-is-me-they-wont-play-like-i-like-i-hate-change fashion, and the
situation either not be resolved or we do something stupid like drop
mozilla.

Just for the record I also vote against volatile. Security changes should
go into stable proper.

david.


