Re: updated debian development diagram -- comments?
On Sun, 09 Jan 2005 18:59:58 -0800, Brian Nelson <firstname.lastname@example.org> wrote:
> Olaf Conradi <email@example.com> writes:
> > On Sun, 09 Jan 2005 15:42:36 -0600, Ron Johnson <firstname.lastname@example.org> wrote:
> >> On Sun, 2005-01-09 at 16:20 -0500, Tom Allison wrote:
> >> > Ron Johnson wrote:
> >> > > On Sun, 2005-01-09 at 15:04 +0100, Olaf Conradi wrote:
> >> > >>Most of the development work that is done in Debian, is uploaded to
> >> > >>this distribution. This distribution will never get released; instead,
> >> > >>packages from it will propagate into testing and then into a real
> >> > >>release. Security updates for "unstable" distribution are not managed
> >> > >>by the security team.
> >> > >
> >> > > That is misleading. Yes, the Security Team doesn't manage Sid,
> >> > > but the maintainers themselves either patch or push thru new versions
> >> > > from upstream.
> >> >
> >> > There's nothing misleading about it.
> >> mislead != wrong
> >> The statement "Security Team doesn't manage Sid" is true, but
> >> someone who doesn't know Debian wouldn't know that Sid packages
> >> get fixed, too.
> > Well, just add a line describing it's the package maintainers decision
> > on the timeliness of updates in unstable. The point was that security
> > updates in unstable aren't done at high priority.
> Why would you say that? Just because security updates in unstable are
> the maintainer's responsibility and not the security team's doesn't mean
> they aren't given any less priority.
True, my wording was a bit awkward. Maintainers do a great job keeping up.
I meant to say that compared to stable and testing if it's near a
release, unstable can lag behind a bit, just like the Debian homepage
"The code name for Debian's development distribution is "sid", aliased
to "unstable". Most of the development work that is done in Debian, is
uploaded to this distribution. This distribution will never get
released; instead, packages from it will propagate into testing and
then into a real release. Please note that security updates for
"unstable" distribution are not managed by the security team. Hence,
"unstable" does not get security updates in a timely manner."
> >> Packages filter into testing after being in Sid for some time.
> >> Thus, Sid's versions will always get the patches first.
> > That's not always true. If testing is already frozen and unstable
> > contains newer development versions, then RC and security related bugs
> > can go to testing-proposed-updates and bypass unstable.
> > Or if unstable contains a higher version, one can upload the new
> > testing version to unstable with a high priority. People tracking
> > unstable will never see the update, because it has a lower upstream
> > version.
> I'm pretty sure that's not possible. Even if it is, it should be
> strongly discouraged.
Yes, you're right. Misinterpreted the flow of some packages due to
aging and dependencies among others. Got confused by looking at the
dates in a changelog. So it's only the first case, not the second.