Re: policy change is needed to keep debian secure

To: debian-security@lists.debian.org
Subject: Re: policy change is needed to keep debian secure
From: Matt Zimmerman <mdz@debian.org>
Date: Tue, 23 Aug 2005 10:29:18 -0700
Message-id: <[🔎] 20050823172918.GC23036@alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] af035842050823100459527f67@mail.gmail.com>
References: <[🔎] 4307D2B7.4080206@lost-habit.com> <[🔎] def2bj$en5$1@sea.gmane.org> <[🔎] 20050823163302.GA23036@alcor.net> <[🔎] af035842050823100459527f67@mail.gmail.com>

On Tue, Aug 23, 2005 at 10:04:24AM -0700, Al Eridani wrote:

> This is a strawman argument: I haven't seen anybody write that they want a
> new release of Firefox because is "sexy".

I guess you aren't reading my mail, then.  People request new versions in
stable all the time for little reason more than the fact that they have
higher version numbers.  I get harrassed by upstreams for not pushing their
releases into stable, telling me that backporting is stupid and I should
trust them implicitly never to have regressions in new releases.  Similarly,
I have received criticisms from users whose systems have been severely
broken by new upstream versions of software.

Threads like this one which take on faith that the solution is obvious, and
seem to exist only to release steam, don't help us move forward.  It isn't
obvious, and in this particular case there is an ongoing dialog with the
Mozilla developers about the problems with the current arrangement and how
to fix it.

> But, please, do not deride people with opinions different than yours by
> bringing up non-existent arguments.

Please take the time to understand the issues and their history before
reducing this to a matter of opinion.  My argument is based on first-hand
experience doing security support for Debian.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: policy change is needed to keep debian secure
  - From: Paul Gear <paul@gear.dyndns.org>
- Re: policy change is needed to keep debian secure
  - From: Ben Bucksch <ben.bucksch.news@beonex.com>

References:
- policy change is needed to keep debian secure
  - From: Daniel Sterling <daniel@lost-habit.com>
- Re: policy change is needed to keep debian secure
  - From: Paul Gear <paul@gear.dyndns.org>
- Re: policy change is needed to keep debian secure
  - From: Matt Zimmerman <mdz@debian.org>
- Re: policy change is needed to keep debian secure
  - From: Al Eridani <al.eridani@gmail.com>

Prev by Date: Re: policy change is needed to keep debian secure
Next by Date: Re: policy change is needed to keep debian secure
Previous by thread: Re: policy change is needed to keep debian secure
Next by thread: Re: policy change is needed to keep debian secure
Index(es):
- Date
- Thread