On Sat, Jun 2, 2007 at 15:15:40 +0100, Ben Hutchings wrote:
#382607 (CVE-2006-4041) has apparently not been touched in 9 months.
This is probably mitigated by the fix for #368645 (CVE-2006-2314), but
this was never confirmed.
The security tracker lists this as unimportant, with a note that
On Wed, 2007-05-30 at 18:22 -0700, Steve Langasek wrote:
On Thu, May 31, 2007 at 01:58:02AM +0100, Ben Hutchings wrote:
What evidence do you have that serious security bugs won't get fixed in a
stable release because of MIA developers?
Search for years in
On Sat, 2007-06-02 at 16:22 +0200, Julien Cristau wrote:
On Sat, Jun 2, 2007 at 15:15:40 +0100, Ben Hutchings wrote:
#382607 (CVE-2006-4041) has apparently not been touched in 9 months.
This is probably mitigated by the fix for #368645 (CVE-2006-2314), but
this was never confirmed.
On Sat, Jun 02, 2007 at 03:38:46PM +0100, Ben Hutchings wrote:
On Sat, 2007-06-02 at 16:22 +0200, Julien Cristau wrote:
On Sat, Jun 2, 2007 at 15:15:40 +0100, Ben Hutchings wrote:
#382607 (CVE-2006-4041) has apparently not been touched in 9 months.
This is probably mitigated by the fix
On Tue, May 29, 2007 at 07:46:34PM -0700, Steve Langasek wrote:
What evidence do you have that serious security bugs won't get fixed in a
stable release because of MIA developers? AFAIK, the burden of providing
security updates largely falls on the shoulders of the security team, even
in
On Wed, May 30, 2007 at 03:15:59AM -0400, Roberto C. Sánchez wrote:
On Tue, May 29, 2007 at 07:46:34PM -0700, Steve Langasek wrote:
What evidence do you have that serious security bugs won't get fixed in a
stable release because of MIA developers? AFAIK, the burden of providing
security
On Tue, May 29, 2007 at 11:51:38PM +0100, Ben Hutchings wrote:
think it would be a service to our users to grade how well supported
packages are. I have a number of ideas for ways in which this could be
done, but I think a discussion would yield something better that might
eventually be
On 29/05/2007 Ben Hutchings wrote:
There were some discussions on -private (and possibly here?) earlier in
the year about quality vs quantity of packages.
[...]
I don't think we want to start grading maintainers and I believe there's
a consensus that we should not be more selective about
On Wed, May 30, 2007 at 04:49:27PM +0200, Jonas Meurer wrote:
On 29/05/2007 Ben Hutchings wrote:
There were some discussions on -private (and possibly here?) earlier in
the year about quality vs quantity of packages.
[...]
I don't think we want to start grading maintainers and I
On Wed, 30 May 2007 16:49:27 +0200
Jonas Meurer [EMAIL PROTECTED] wrote:
Publishing the date of last upload is very useful information here,
especially if you need to choose an application out of several unknown
alternatives.
That information is already available at packages.qa.d.o and
On Tue, 2007-05-29 at 19:46 -0700, Steve Langasek wrote:
On Tue, May 29, 2007 at 11:51:38PM +0100, Ben Hutchings wrote:
There were some discussions on -private (and possibly here?) earlier in
the year about quality vs quantity of packages.
It should be clear to most developers that our
On 30-May-07, 10:24 (CDT), Pierre Habouzit [EMAIL PROTECTED] wrote:
This is one of many indications. I could cite many others, good or not
so good indicators:
* size of the changelogs ;
Older packages will skew this.
* number of revisions per upstream release ;
As you note, depends
On Wed, 2007-05-30 at 16:48 -0700, Steve Langasek wrote:
On Wed, May 30, 2007 at 09:38:16PM +0100, Ben Hutchings wrote:
On Tue, 2007-05-29 at 19:46 -0700, Steve Langasek wrote:
On Tue, May 29, 2007 at 11:51:38PM +0100, Ben Hutchings wrote:
There were some discussions on -private (and
On Thu, May 31, 2007 at 01:58:02AM +0100, Ben Hutchings wrote:
What evidence do you have that serious security bugs won't get fixed in a
stable release because of MIA developers?
Search for years in
Steve Langasek wrote:
Ok, can you provide an example to support this claim that sarge is worse?
http://security-tracker.debian.net/tracker/status/release/oldstable
http://security-tracker.debian.net/tracker/status/release/stable
(You may want to grep for high.)
I'm not saying that what the
There were some discussions on -private (and possibly here?) earlier in
the year about quality vs quantity of packages.
It should be clear to most developers that our many packages are not all
equal in quality; nor are all maintainers. Not everyone is aware that
packages in a stable release may