Re: security.debian.org mirrors?
Guy Maor wrote:
> Wichert Akkerman <wichert@cs.leidenuniv.nl> writes:
>
> > The reasoning is that proposed-updated contains a lot of packages, some
> > of which might be broken (no check on uploading & installing). And we
> > don't want to encourage people to automatically upgrade to those, but we
> > do want to be able to allow people to automatically upgrade only
> > security-fixes.
>
> That's silly. Why not apply the labor that goes into keeping
> security.debian.org up-to-date and put it toward keeping stable up to
> date? Every time you want to put a package on security.debian.org,
> instead install it to stable and make a point-release.
A package should only get in security.debian.org if it is already uploaded
to proposed-updates or if an update has been made and waits for the next
dinstall run, this implies checking the .changes file, though.
I won't do point releases for each and every package, but combine
a bunch of them. The Security Policy that I've proposed says that
we will try to get a point release every one or two months, which
sounds proper.
Regards,
Joey
--
There are lies, statistics and benchmarks.
Please always Cc to me when replying to me on the lists.
Reply to: