* Marc Haber <[EMAIL PROTECTED]> [20070116 12:57]:
> On Sun, Jan 14, 2007 at 02:03:57PM +0100, Michael Prokop wrote:
> > Especially as Debian testing does not get real security-support. :(
> > That's not really relevant for workstations for me, but straight
> > before a new stable release is available that's an important point -
> > at least for me.

> There is some kind of Security Support for Debian testing, by means of
> the testing security team. Unfortunately, they're missing a lot of the
> transparency I'd like to see from a security team, but that's nothing
> new for Debian. I plan to blog about this in the near future once I
> find the time.

Security support for testing is (AFAIK) nothing else than "we move
packages from unstable to testing faster than usual". For me that's
not real security-support as you can't activate just the
security-testing pool but have to make use of the full testing-pool
for upgrades. :-/

> Unfortunately, even stable security support has been somewhat
> deteriorating since the sarge release, I hate to say. Especially in
> the past few months, in more than one case a security fix has reached
> testing by means of a normal unstable maintainer upload and normal
> testing migration before the stable security team issued the fix for
> stable. In theory, stable security could be much faster than a
> maintainer upload since the stable security team has access to
> embargoed vulnerability reports, which the normal maintainer does not
> have. This is all quite disappointing :-(

ACK

> > Yes, at least regarding bug reports for package maintainers. ;) But
> > newbies can often locate problems in software because they lack
> > developer's "business blindness" (Betriebsblindheit). At least
> > isolating bugs is usually possible even with newbies, especially if
> > they have support on their side (instant messaging, irc,...).

> If you have a quick means of communications, things can work, but
> debugging via E-Mail with a newbie is a useless waste of time.

That's what I wanted to say. :)

> > The package freeze for Debian etch took place a few weeks ago. The
> > unstable pool is "moving [nearly] as usual"

> NACK. We did not have any library transitions for months, and new
> upstream versions are being withheld.

Hm, which ones are these, for example?

> > and I don't notice any serious problems - and don't really expect to
> > find any when etch is out. :)

> I remember the PAM breakage where login to an unstable system became
> impossible. Without grml, I would have been in serious trouble back
> then.

Hehe. :) But usually the "I'm just a workstation user" users don't
have to run daily upgrades and such problems should be visible through
apt-listbugs then (except if you decided to take the time frame where
the broken package was just uploaded of course ;)).

regards,
-mika-
--
http://grml.org/ # Linux for texttool-users and sysadmins
http://wiki.grml.org/ # share your knowledge
http://grml.supersized.org/ # the grml development weblog
#grml @ irc.freenode.org # meet us on irc
_______________________________________________
Grml mailing list - [email protected]
http://lists.mur.at/mailman/listinfo/grml
join #grml on irc.freenode.org
grml-devel-blog: http://grml.supersized.org/
