From: Steve Langasek <vorlon-AT-debian.org>
To: debian-devel-AT-lists.debian.org
Subject: Re: Dreamhost dumps Debian
Date: Tue, 20 Aug 2013 10:40:56 -0700
On Tue, Aug 20, 2013 at 06:35:08PM +0200, Pau Garcia i Quiles wrote:
> On Tue, Aug 20, 2013 at 6:25 PM, Ian Jackson <
> email@example.com> wrote:
> > > > The bigger problem for a Debian LTS is this: 1. who is going to do
> > > > security support for it ?
> > > The same people that maintain the packages in sid and stable: the
> > > maintainer(s) for each package. [...]
> > That is not the case. At the moment most of this is done by the
> > Debian security team. Of course some package maintainers do help.
> IMHO that should be turned around: package maintainers should be the ones
> responsible for updates and the Security Team should help with that (e. g.
> by providing tips and/or reviewing the fixes)
That's not the understanding that was in place when I joined Debian.
Certainly there seems to be a move by the security team to push more and
more responsibility onto the package maintainers lately; I understand the
motivation (like everyone else they have more to do than they have time to
do it in), but I think the outcome, whereby the security team denies use of
the security update channel for non-"critical" security bugs and redirects
maintainers to stable-updates instead, is unfortunate. As far as I'm
concerned, a security fix that isn't worth being pushed to
security.debian.org is also not worth me spending time on as a maintainer to
push to stable-updates.
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/