
* Marc Haber mh+grml@zugschlus.de [20070116 12:57]:
On Sun, Jan 14, 2007 at 02:03:57PM +0100, Michael Prokop wrote:
Especially as Debian testing does not get real security-support. :( That's not really relevant for workstations for me, but straight before a new stable release is available that's an important point - at least for me.
There is some kind of Security Support for Debian testing, by means of the testing security team. Unfortunately, they're missing a lot of the transparency I'd like to see from a security team, but that's nothing new for Debian. I plan to blog about this in the near future once I find the time.
Security support for testing is (AFAIK) nothing else than "we move packages from unstable to testing faster than usual". For me that's not real security-support as you can't activate just the security-testing pool but have to make use of the full testing-pool for upgrades. :-/
Unfortunately, even stable security support has been somewhat deteriorating since the sarge release, I hate to say. Especially in the past few months, in more than one case a security fix has reached testing by means of a normal unstable maintainer upload and normal testing migration before the stable security team issued the fix for stable. In theory, stable security could be much faster than a maintainer upload since the stable security team has access to embargoed vulnerability reports, which the normal maintainer does not have. This is all quite disappointing :-(
ACK
Yes, at least regarding bug reports for package maintainers. ;) But newbies can often locate problems in software because they lack developers' "business blindness" (Betriebsblindheit). At least isolating bugs is usually possible even with newbies, especially if they have support on their side (instant messaging, IRC, ...).
If you have a quick means of communication, things can work, but debugging via e-mail with a newbie is a useless waste of time.
That's what I wanted to say. :)
The package freeze for Debian etch took place a few weeks ago. The unstable pool is "moving [nearly] as usual"
NACK. We did not have any library transitions for months, and new upstream versions are being withheld.
Hm, which ones are these, for example?
and I don't notice any serious problems - and don't really expect to find any when etch is out. :)
I remember the PAM breakage where login to an unstable system became impossible. Without grml, I would have been in serious trouble back then.
Hehe. :) But usually the "I'm just a workstation user" users don't have to run daily upgrades and such problems should be visible through apt-listbugs then (except if you decided to take the time frame where the broken package was just uploaded of course ;)).
regards, -mika-