On Tue, Oct 05, 2004 at 07:54:51AM +0200, martin f krafft wrote: > also sprach Matthew Garrett <[EMAIL PROTECTED]> [2004.10.05.0015 +0200]: > > > We can push neither of them into Debian via security.d.o. No, > > > sorry, this is not the way stable works. > > > > /Should/ it be the way stable works? We have the ability to change > > that. > > No. It's "stable". It's one of the major features of Debian that we > do not pull in dependencies but rather backport the fixes. People > have come to rely on it. > > I consider volatile software a whole new class which cannot fit in > with the regular "never touch a running system" paradigm because it > needs to be cutting edge. > > Thus, I would consider it perfectly sensible for Debian to have > a new archive, e.g. volatile.debian.org, which plays nice with the > current stable, but which has turnaround times of a couple of days > at max. >
I agree. Security as is currently is perfectly suitable in many circumstances, and administrator (me for instance) could like the way things are currently done, i.e. no changes at all and backported patches for security. Not all the world needs on all boxes an up-to-date AV, and up-to-date anti-spam (or the latest Mozilla if we would agree about the opportunity of major upgrades for some selected programs). The ratio of a reasonable up-to-date volatile.d.o archive segregated in respect with security.d.o is all in this pov. Incidentally, volatile could also be used to upgrade stable for interactive use, which is probably the major reason of obsolescence for stable, but that's questionable. -- Francesco P. Lovergine
