Re: backports security

["Jesús M. Navarro" <jesus.navarro@undominio.net>]

Hi Gerfried:

On Thursday 19 November 2009 13:55:25 Gerfried Fuchs wrote:
> 	Hi!
>
>  Thanks to Sven for bringing the thread to my attention.
>
> * Sven Hoexter <sven@timegate.de> [2009-11-19 08:42:49 CET]:
> > On Thu, Nov 19, 2009 at 02:16:15PM +0700, Sthu Deus wrote:
> > > I have searched backport, wiki web sites and still can not
> > backports.org is not under the hands of the Debian security team.
>
>  Likewise with unstable and testing these days unfortunately. Too little
> people able to put their efforts into it, overworked and stuff.

Unfortunately?  I'd better say "by design".  Unstable/Testing is not there to 
provide a product to final users but to provide a testbed for software 
integration.  If there's a problem with a software package you:
a) Resolve it if it's a problem with the way Debian packages it.
b) Wait for upstream to resolve the problem.

I don't see how deriving away to those goals would be in benefit of anyone, 
even if you could count with enough hands to manage the task.  I in fact find 
that too many times package maintainers are to "bland" regarding what 
their "real work" should be in that neither unstable nor testing is the 
testbed for *the programs* but for their packaging so I wouldn't send to 
unstable software known to be non-production ready (i.e.: KDE prior to 4.4 or 
even 4.5).