Re: Patched sendmail? testing?

[Colin Watson <cjwatson@debian.org>]

On Tue, Mar 04, 2003 at 02:04:48PM -0500, stan wrote:
> On Tue, Mar 04, 2003 at 05:02:10PM +0000, Colin Watson wrote:
> > That's a hopeless exaggeration; I run stable happily on my home server.
> > Anyway, if you run testing you need to manage the security yourself by
> > backporting patches. I don't believe anyone will ever have told you
> > otherwise.
> > 
> > (It's not an ideal situation, true. However, it's reality.)
> 
> Not idael at all. As a matter of fact, it makes the whole concept of a
> testing release pretty useless.

No it doesn't. It's designed to help developers get an idea of how close
we are to having something releasable, and to make the release process
itself easier. If some users find it useful, that's great - an added
bonus. But you should still take care when using it on machines
connected directly to the net (which, remember, is not anywhere close to
all Debian systems).

> So, we have a pretty "stable" release good enough "IMHO" for "real
> production" work. But we choose to cripple it by not providing security
> updtaes? 
> 
> Sounds like bad allocation of resources to me!

That's nice. When "resources" (i.e. developers) come along who have the
time and skill to start performing testing security updates, it'll be
done: this came up on -devel fairly recently, and all the technical
facilities to allow such updates to happen are there. Until then we can
but admit once again that it's not ideal and shrug.

(BTW, "allocation of resources"? How on earth do people think this works
in a volunteer project? People allocate *themselves*.)

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]