Jan Ingvoldstad <[email protected]> writes:

> As a Debian user, I have learned not to use backports for anything
> important because, let's face it, I'm *toast* if I do so.

> I have griped about the backports security policy years ago, and others
> have, too, but you and Alexander shoot any constructive criticism down
> with frankly very off-putting, negative, unconstructive responses.

This is completely absurd. I have used backports for production packages
for years, including packages for which I need security updates. You are
being far too absolutist and, by doing so, insulting to the hard work that
people put into maintaining backports.

It is true that the security support in backports is *not as good* and
*not as reliable* as the (best-in-class) security support offered for the
main Debian distribution. This is fine, or at least entirely expected.
Fewer resources go into backports, and the person maintaining the backport
has primary responsibility for security, without the support of a regular
security team. You need to go into this with your eyes open.

However, it is absolutely not the case that you're "toast" if there's a
security issue; you can ask that it be fixed, or you can even fix it
yourself! My experience is that the security support for Debian backports
is still better than the security support for, say, Ubuntu universe in an
LTS release, which people use in production without a second thought
despite the fact that the security guarantees are nearly non-existent and
the support is often dire. The standard you're applying here is much too
high.

-- 
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>

_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team

