[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [all candidates] Advertising testing and security support

On 2013-03-19 16:52, Jérémy Bobbio wrote:
Even if a dedicated team is supposed to care about security in
testing [1], the dedicated mailing-list [2] has not seen an announcement
since February 2011.

Debian Security Advisories don't only comment on the stable for stable -- looking through recent DSAs, most of the time a fix has been ready for testing as well as stable.

Dear candidates, do you think it would be wise to advertise `testing` as
a usable distribution to our users given that state of affairs?

I am already happy to advertise testing to large categories of users, so yes, as long as the reasons to choose this option compared to stable, and reasons to avoid it, are made clear.

Are you only talking about increasing "official" mention of testing as an option, or do you think that individual people don't feel they are welcome to advertise testing? (If so, why do you think they don't?)

that our security support for stable is already not as best as it could
be, do you think we should encourage volunteers to be more active in
security support for testing?

From our current starting point, I don't see that encouraging more use of testing would be likely to harm stable security support. I am slightly worried that if we had a popular rolling release different from current testing it might indirectly harm the quality of the stable releases, but I still wouldn't see that as a reason to try to discourage people working on things they want.

Do you have ideas on how to attract more
volunteers to the dull, hard, and sometimes boring tasks of taking care
of security issues in Debian?

It's not clear to me why you seem to think that dealing with security issues is more dull/boring than general package maintenance! Locating security issues may sometimes be challenging, but can be quite fun; the prospect of early access to embargoed information can attract some people; and working across the whole distribution should be more varied/interesting than working on individual packages. Perhaps part of the way to attract more people could be to look for them while emphasising these positive aspects? I equally don't think we should assume that something being hard will in itself discourage volunteers.

In practical terms I don't see any difference from how to get more volunteers for anything in Debian: those currently involved and others interested in the topic should provide clear documentation (including e.g. wiki pages with current status and things people could work on), advertise what's happening and the desire for volunteers on the mailing lists, and reach out to people working on related topics for ideas and possible direct help.


Reply to: