[Grml] Re: Debian Etch and grml

Michael Prokop mika at grml.org
Tue Jan 16 13:06:46 CET 2007


* Marc Haber <mh+grml at zugschlus.de> [20070116 12:57]:
> On Sun, Jan 14, 2007 at 02:03:57PM +0100, Michael Prokop wrote:

> > Especially as Debian testing does not get real security-support. :(
> > That's not really relevant for workstations for me, but straight
> > before a new stable release is available that's an important point -
> > at least for me.

> There is some kind of Security Support for Debian testing, by means of
> the testing security team. Unfortunately, they're missing a lot of the
> transparency I'd like to see from a security team, but that's nothing
> new for Debian. I plan to blog about this in the near future once I
> find the time.

Security support for testing is (AFAIK) nothing else than "we move
packages from unstable to testing faster than usual". For me that's
not real security-support as you can't activate just the
security-testing pool but have to make use of the full testing-pool
for upgrades. :-/

> Unfortunately, even stable security support has been somewhat
> deteriorating since the sarge release, I hate to say. Especially in
> the past few months, in more than one case a security fix has reached
> testing by means of a normal unstable maintainer upload and normal
> testing migration before the stable security team issued the fix for
> stable. In theory, stable security could be much faster than a
> maintainer upload since the stable security team has access to
> embargoed vulnerability reports, which the normal maintainer does not
> have. This is all quite disappointing :-(

ACK

> > Yes, at least regarding bug reports for package maintainers. ;) But
> > newbies can often locate problems in software because they lack
> > developer's "business blindness" (Betriebsblindheit). At least
> > isolating bugs is usually possible even with newbies, especially if
> > they have support on their side (instant messaging, irc,...).

> If you have a quick means of communications, things can work, but
> debugging via E-Mail with a newbie is a useless waste of time.

That's what I wanted to say. :)

> > The package freeze for Debian etch took place a few weeks ago. The
> > unstable pool is "moving [nearly] as usual"

> NACK. We did not have any library transitions for months, and new
> upstream versions are being withheld.

Hm, which ones are this for example?

> >  and I don't notice any serious problems - and don't really expect to
> >  find any when etch is out. :)

> I remember the PAM breakage where login to an unstable system became
> impossible. Without grml, I would have been in serious trouble back
> then.

Hehe. :) But usually the "I'm just a workstation user" users don't
have to run daily upgrades and such problems should be visible
through apt-listbugs then (except if you decided to take the time
frame where the broken package was just uploaded of course ;)).

regards,
-mika-
-- 
 http://grml.org/            # Linux for texttool-users and sysadmins
 http://wiki.grml.org/       # share your knowledge
 http://grml.supersized.org/ # the grml development weblog
 #grml @ irc.freenode.org    # meet us on irc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mur.at/pipermail/grml/attachments/20070116/28c24e28/attachment-0002.pgp 


More information about the Grml mailing list