
Re: Bug#372721: http://www.debian.org/security/faq#testing wrong

Hi -security,

	I would like your help with regard to #372721:

On 06/11/2006 07:09 AM, Simon Waters wrote:
> Package: www.debian.org
> Severity: important
> http://www.debian.org/security/faq#testing
> refers to http://secure-testing-master.debian.net/
> which no longer responds.
> Debian announcement 
> http://lists.debian.org/debian-devel-announce/2006/05/msg00006.html
> Should be incorporated into the FAQ
> -- System Information:
> Debian Release: testing/unstable
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux
> Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

	The FAQ needs a couple of changes. I started rewriting it, but I
have a couple of doubts:

How is security handled for testing and unstable?
   A: The short answer is: it's not. Testing and unstable are rapidly moving
   targets and the security team does not have the resources needed to
   properly support those. If you want to have a secure (and stable) server
   you are strongly encouraged to stay with stable.  However, work is in
   progress to change this, with the formation of a
   [1]testing security team which has begun work to offer security support
   for testing, and to some extent, for unstable.

	For testing it is not true anymore. But what about unstable?

How does testing get security updates?

   A: Security updates will migrate into the testing
   distribution via unstable.  They are usually uploaded with
   their priority set to high, which will reduce the quarantine time
   to two days.  After this period, the packages will migrate into
   testing automatically, given that they are built for all
   architectures and their dependencies are fulfilled in testing.

   The [1]testing security team also makes security fixes available in
   their repository when the normal migration process is not fast enough.

	This topic also changes. As I understood it, we should replace it
with something like: "testing gets security updates in the same way that
stable does", is that correct?

	Thanks in advance,

--
Felipe Augusto van de Wiel (faw)
"Debian. Freedom to code. Code to freedom!"