Re: [Linux-aus] Now tell the rest of the story...
On 25/03/2004, at 6:45 PM, Anthony Towns wrote:
> On Tue, Mar 23, 2004 at 11:43:37AM +1030, Paul Shirren wrote:
>> Perhaps Anthony Towns would like to comment on this line from the
>> article:
>> "For example, Debian (Debian GNU/Linux) has left vulnerabilities there
>> and didn't release any patches for them."
> Not really; it's certainly true in some cases -- we don't do security
> support for unreleased distributions (testing, unstable or experimental),
> so there are definitely vulnerabilities left in some of those packages;
Which is a problem; there are many people out there that run testing on
their servers, because they find woody to be awfully out of date for
their needs (and indeed, it can be). Takes ages for security fixes to
go in, though, as per testing policy of package propagation from
unstable, so it's always baffled me why people do so.
I'm strongly of the opinion that there should be something in the
middle of stable and testing; perhaps a stable with a more regular
freeze cycle. Of course, this requires additional manpower, and the
chance of possible problems of course increases, but it'd really do
wonders for Debian, and certainly make me a far happier person.
Backporting my own packages to woody can be a pain in terms of time,
and I really do not trust 99% of third-party repositories out there; I've
ended up with enough broken packages, thank you very much.
R
--
Signature space for rent.