Re: backports security
On 20091120_212056, Jes?s M. Navarro wrote:
> Hi Gerfried:
>
> On Thursday 19 November 2009 13:55:25 Gerfried Fuchs wrote:
> > Hi!
> >
> > Thanks to Sven for bringing the thread to my attention.
> >
> > * Sven Hoexter <sven@timegate.de> [2009-11-19 08:42:49 CET]:
> > > On Thu, Nov 19, 2009 at 02:16:15PM +0700, Sthu Deus wrote:
> > > > I have searched backport, wiki web sites and still can not
> > > backports.org is not under the hands of the Debian security team.
> >
> > Likewise with unstable and testing these days unfortunately. Too little
> > people able to put their efforts into it, overworked and stuff.
>
> Unfortunately? I'd better say "by design". Unstable/Testing is not there to
> provide a product to final users but to provide a testbed for software
> integration. If there's a problem with a software package you:
> a) Resolve it if it's a problem with the way Debian packages it.
> b) Wait for upstream to resolve the problem.
>
> I don't see how deriving away to those goals would be in benefit of anyone,
> even if you could count with enough hands to manage the task. I in fact find
> that too many times package maintainers are to "bland" regarding what
> their "real work" should be in that neither unstable nor testing is the
> testbed for *the programs* but for their packaging so I wouldn't send to
> unstable software known to be non-production ready (i.e.: KDE prior to 4.4 or
> even 4.5).
Your position is commendable as an ideal way to operate Debian, but ...
In the real world, there a lot of people who are quite unaware of how special
Debian is, and think, quite unrealistically, that it is just another variant
of RedHat or Ubuntu or whatever. Without backports, these people would be
constantly nagging for a way to cross-install packages from other distros.
I think life would actually be a lot less pleasant for people like you who
want to work on a good, solid, reliable distro.
--
Paul E Condon
pecondon@mesanetworks.net
Reply to: