Re: [all candidates] Advertising testing and security support
On 19/03/13 at 23:52 +0100, Jérémy Bobbio wrote:
> Lucas wrote in his plateform:
> For example, we have been providing a fairly good rolling release for
> almost 13 years with testing, but we totally fail at advertising it as
> something supported and usable by end users.
> Even if a dedicated team is supposed to care about security in
> testing , the dedicated mailing-list  has not seen an announcement
> since February 2011.
> Dear candidates, do you think it would be wise to advertise `testing` as
> a usable distribution to our users given that state of affairs? Given
> that our security support for stable is already not as best as it could
> be, do you think we should encourage volunteers to be more active in
> security support for testing? Do you have ideas on how to attract more
> volunteers to the dull, hard, and sometimes boring tasks of taking care
> of security issues in Debian?
First, having security support for testing with the same (high :) )
quality as for stable would be great, of course.
But I don't think that this is a prerequisite for advertising testing as
a rolling release.
- We would need to state clearly how security support for testing happens
(mostly through unstable, etc.)
- We could discourage the use of 'testing' on multi-user systems or
Internet servers. it's quite likely that the main use of testing will
be desktops/laptops anyway.
Note that some successful distros have more restricted/focused security
- (AFAIK) the Ubuntu Security team only issues updates for packages in
the 'main' component. the 'universe' component is (supposed to?) be
supported by the community.
- (AFAIK) Linux Mint relies on Ubuntu's security support
Finally, I think that it's a chicken and egg problem, too: if we
advertise testing as a recommended alternative for users, it is more
likely that people will be interested in helping with its security