Re: [SECURITY] [DSA 1294-1] New xfree86 packages fix several vulnerabilities
- To: Josip Rodin <joy@entuzijast.net>
- Cc: debian-sparc@lists.debian.org, team@security.debian.org, ajt@debian.org, bcollins@debian.org, jbailey@debian.org, rmurray@debian.org, troup@debian.org
- Subject: Re: [SECURITY] [DSA 1294-1] New xfree86 packages fix several vulnerabilities
- From: Steve Langasek <vorlon@debian.org>
- Date: Fri, 18 May 2007 03:56:06 -0700
- Message-id: <[🔎] 20070518105606.GB31788@borges.dodds.net>
- Mail-followup-to: Steve Langasek <vorlon@debian.org>, Josip Rodin <joy@entuzijast.net>, debian-sparc@lists.debian.org, team@security.debian.org, ajt@debian.org, bcollins@debian.org, jbailey@debian.org, rmurray@debian.org, troup@debian.org
- In-reply-to: <[🔎] 20070518090752.GA26774@keid.carnet.hr>
- References: <20070517212202.GA3464@galadriel.inutil.org> <[🔎] 20070517223950.GA2531@keid.carnet.hr> <[🔎] 20070518020830.GA14851@dario.dodds.net> <[🔎] 20070518090752.GA26774@keid.carnet.hr>
On Fri, May 18, 2007 at 11:07:52AM +0200, Josip Rodin wrote:
> > Anyway, as far as getting something done, I would suggest opening an RT
> > ticket and documenting in that ticket:
> [...]
> I did that now, thanks.
> I combined two sets of information in it - the specific details about this
> sparc machine that I sent to the mailing list, and general information about
> the location which I had already provided to DSA in an offer to host that
> other machine that they put out a few years ago.
Looks good to me, thanks!
> > If DSA has to go fishing for these details, chances are good that they
> > /won't/ do so, because there are always fires going on that will take
> > priority.
> I appreciate you being courteous to spell this out, but it's a problem in
> itself if one has to make these justifications... If as you say that our
> only sparc buildd is MIA for two weeks and not fixed yet, what greater fire
> is there, taking priority thoughout this time? Problems worse than two-week
> downtimes should probably make us all pretty scared...
Uh, auric is not the only sparc buildd, it's just the only one configured
for building oldstable-security (apparently). spontini is still up and
building just fine for other suites, so if and when DSA decides they need to
go for plan B wrt auric's downtime, getting oldstable-security set up on
spontini would still be a quicker fix than provisioning a whole new buildd
from scratch.
As for problems worse than a two-week downtime, well, there's the 1.5-month
downtime of goedel (alpha buildd redundancy), the one-month downtime of four
of the arm buildds because of what may be an incompatibility between their
kernel and sid's glibc, the three-day downtime of the only running i386
buildd... though when I mentioned fires, I was including auric itself in
that reckoning. ;)
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply to: