On Wed, Feb 20, 2008 at 07:44:30PM -0500, Joey Hess wrote: > Moritz Muehlenhoff wrote: > > We could just declare arm a second-class architecture for security updates, > > i.e. DSAs being released once all archs are available except arm and arm > > updates being released once available. For small to medium packages most > > updates would still be released in sync, since we're not available to > > release updates 24/7. > > Yeah, that's what I was suggesting. > > > But we should stop withholding security updates because we wait on slow > > archs. Debian was the first to fix the vmsplice root exploit. If we > > had released all archs in sync we would have left most of our users > > unprotected for two more days. > > And that advisory was initially only released for alpha, i386, amd64, ia64, > and s390 -- so it wasn't only arm being too slow in that case. Perhaps > arm delayed the follow-up advisory though?
In this case I released builds as soon as I saw them come available, but waited until they were all released before sending an update to Florian's DSA. sparc took longer than arm to send a build log, which is abnormal in my experience. I actually ended up releasing a manual build under the assumption the sparc buildd was having problems. -- dann frazier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]