Re: policy change is needed to keep debian secure

[Matt Zimmerman <mdz@debian.org>]

On Tue, Aug 23, 2005 at 09:46:54PM +1000, Paul Gear wrote:
> Daniel Sterling wrote:
> > Keeping Debian stable by not changing things is great.
> > 
> > Except maybe its not so great when you're trying to maintain a
> > complicated, buggy, high profile program that handles sensitive user
> > data and untrusted input.
> > 
> > Debian stable cannot stay stable without changing, sometimes
> > drastically.
> > 
> > Firefox in Debian stable cannot stay stable and secure by not changing.
> > ...
> 
> This issue has been done to death already.  Please read the archives of
> this list, especially one of Matt Zimmerman's posts in the "On Mozilla-*
> updates" thread, which reads in part:

Paul seems to be working from a different definition of "stable" than the
one used in the context of Debian releases.

>From WordNet (r) 2.0 [wn]:

  stable
       adj 1: resistant to change of position or condition; "a stable
              ladder"; "a stable peace"; "a stable relationship";
              "stable prices" [ant: {unstable}]
       2: firm and dependable; subject to little fluctuation; "the
          economy is stable"
       3: not taking part readily in chemical change
       4: maintaining equilibrium
       5: showing little if any change; "a static population" [syn: {static},
           {unchanging}]

That is what stable is about: not changing, or when change is absolutely
necessary, changing as little as possible.  A hot new Firefox release may
seem sexy to a Linux enthusiast, but to the novice, or to the corporate IS
administrator, it means risk.

-- 
 - mdz