Re: Bug#372721: http://www.debian.org/security/faq#testing wrong

To: debian-security@lists.debian.org
Cc: secure-testing-team@lists.alioth.debian.org, Debian-WWW <debian-www@lists.debian.org>
Subject: Re: Bug#372721: http://www.debian.org/security/faq#testing wrong
From: "Felipe Augusto van de Wiel (faw)" <felipe@cathedrallabs.org>
Date: Thu, 15 Jun 2006 23:55:18 -0300
Message-id: <[🔎] 44921D96.4050201@cathedrallabs.org>
In-reply-to: <[🔎] 20060611100951.11213.97951.reportbug@derek.14sageslea.org>
References: <[🔎] 20060611100951.11213.97951.reportbug@derek.14sageslea.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi -security,

	I would like your help with regards to #372721:

On 06/11/2006 07:09 AM, Simon Waters wrote:
> Package: www.debian.org
> Severity: important
> 
> 
> http://www.debian.org/security/faq#testing
> 
> refers to http://secure-testing-master.debian.net/
> 
> which no longer responds.
> 
> Debian announcement 
> http://lists.debian.org/debian-devel-announce/2006/05/msg00006.html
> 
> Should be incorporated into the FAQ
> 
> -- System Information:
> Debian Release: testing/unstable
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.15.2
> Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

	The FAQ needs a couple of changes. I start rewriting it but I
have a couple of doubts:

How is security handled for testing and unstable?
   A: The short answer is: it's not. Testing and unstable are rapidly moving
   targets and the security team does not have the resources needed to
   properly support those. If you want to have a secure (and stable) server
   you are strongly encouraged to stay with stable.  However, work is in
   progress to change this, with the formation of a
   [1]testing security team which has begun work to offer security support
   for testing, and to some extent, for unstable.

	For testing it is not true anymore. But what about unstable?

How does testing get security updates?

   A: Security updates will migrate into the testing
   distribution via unstable.  They are usually uploaded with
   their priority set to high, which will reduce the quarantine time
   to two days.  After this period, the packages will migrate into
   testing automatically, given that they are built for all
   architectures and their dependencies are fulfilled in testing.

   The [1]testing security team also makes security fixes available in
   their repository when the normal migration process is not fast enough.

	This topic also changes. As I understood it, we should replace
with something like: "testing gets security updates in the same way that
stable does", is that correct?

	Thanks in advance,

1.http://secure-testing-master.debian.net/
- --
Felipe Augusto van de Wiel (faw)
"Debian. Freedom to code. Code to freedom!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFEkh2WCjAO0JDlykYRAqo5AKCODQHqd7Rvlk/dTmpTor/vv3gJbACfUl4S
h4Rk7B6JOJ4ZJ0uhrJZwuMg=
=i4P3
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: [Secure-testing-team] Re: Bug#372721: http://www.debian.org/security/faq#testing wrong
  - From: Moritz Muehlenhoff <jmm@inutil.org>

References:
- Bug#372721: http://www.debian.org/security/faq#testing wrong
  - From: Simon Waters <simon@technocool.net>

Prev by Date: Re: http://www.debian.org/releases/sarge/errata.html
Next by Date: Removing posts from the archive (was: Re: Pornographic posting with coporate name)
Previous by thread: Bug#372721: http://www.debian.org/security/faq#testing wrong
Next by thread: Re: [Secure-testing-team] Re: Bug#372721: http://www.debian.org/security/faq#testing wrong
Index(es):
- Date
- Thread